Federal  rules  tax  enterprises 

Many  companies  are  unprepared  for  the  electronic 
discovery  requirements  that  went  into  effect  Dec.  1. 

PAGE  16. 
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TO  WATCH! 


Inside  Vyatta 


Part  2  of  our  look  at  telecom 
expense  management  firms. 

PAGE  34. 


CEO  Kelly  Herrell  and  Chief  Strategist  Dave  Roberts  sit 
down  for  a  Q&A  session  about  their  open  source 
router  company  and  the  buzz  it’s  generating.  PAGE  28. 


NETWORKWDH. 


The  leader  in  network  knowledge  ■  www.networkworld.com 


NETWORKWORLD 


ConSentry  edges  Nevis  in 
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►ConSentry’s  LANShield  controller 
is  an  in-line  firewall  with  NAC 
functionality. 


CHOICE 

TESTS 


HP,  Symantec  score  high  in 
test  of  storage  resource 
management.  Page  64. 


Before  they  were  gurus 

Consultants,  analysts  share  old  war  stories. 


BY  DENISE  DUBIE 

In  the  IT  department  at  Indiana 
University,  Joe  Skorupa  quickly 
learned  he  wasn’t  there  to  put 
technology  in  place  just  for  the 
fun  of  it. 

“I  knew  the  guy  selling  the 
alumni  their  tickets  to  basketball 
games  could  have  had  me  fired 
on  a  dime  if  his  systems  weren’t 
working,”  says  Skorupa  of  his  first 
IT  gig  some  20-plus  years  ago.  “If 


the  alumni  didn’t  get  their  tickets, 
the  university  didn’t  get  millions 
of  dollars  in  donations.  In  the  real 
world,  there  are  business  values 
attached  to  the  technology’ 
Skorupa  today  is  a  research  vice 
president  covering  network  and 
communications  equipment  at 
Gartner.  He  values  the  lessons  he 
learned  early  in  his  career,  as  do 
many  other  industry  analysts  and 
See  Consultants,  page  32 
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Online  extras:  www.nwdocfinder.com/6359 

•  Audio:  Analysts  reminisce  about  their  days  in  IT  departments. 

•  Q&A  with  Gartner  security  guru  John  Pescatore. 

•  Notable  quotes  from  IT  pros  turned  analysts. 
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Cisco  looks  to  ease 
VPN  deployments 


Simpler  site-to-site  VPNs, 
higher  WAN  performance  and 
other  features  are  on  tap. 

BY  PHIL  HOCHMUTH 

Cisco  this  week  is  expected  to  introduce  VPN  tech¬ 
nology  that  could  help  businesses  with  fast-growing 
branch-office  deployments  more  quickly  set  up  and 
maintain  secure  WAN  links. 

The  company  plans  to  introduce,  as  part  of  a 
larger  announcement  (see  related  story,  page  10), 
what  it  calls  Group  Encryption  Transport  (GET) 
with  a  new  version  of  its  IOS  switch/routing  soft¬ 
ware.  GET  will  let  customers  work  together  in  a  site- 
to-site  VPN  more  easily  than  with  Cisco’s  current 
site-to-site  VPN  technology,  which  is  based  on  IPSec 
tunneling,  experts  say.  (For  more  on  other  new  IOS 
features,  go  to  www.nwdocfinder.com/6378.)  AT&T 


also  is  expected  to  launch  a  GET-based  enhance¬ 
ment  to  its  MPLS-based  IP  VPN  services,  so  that  traf¬ 
fic  on  an  IP  VPN  link  could  be  encrypted  as  a  fur¬ 
ther  security  measure,  Cisco  and  AT&T  say 

In  a  GET  VPN,  Cisco  branch-office  routers  are  con¬ 
figured  as  part  of  a  group,  in  which  members  are 
authorized  to  exchange  encrypted  traffic  flows.  A 
centralized  key  server  —  a  specially  configured 
router — distributes  the  encryption  keys  to  each  GET 
member  via  a  protocol  called  Group  Domain  of  In¬ 
terpretation  (GDOI),  defined  by  IETF  RFC  3547 
(www.nwdocfinder.com/6361). 

GDOI  coordinates  group  membership  and  creates 
a  common  encryption  infrastructure  using  a  method 
called  multicast  rekeying.This  technique  uses  IP  mul¬ 
ticast  to  distribute  IPSec  security  associations,  keys 
and  policies  to  group  members.  That  process  allows 
secure  traffic  connections  over  the  Internet.  IPSec 

See  Cisco,  page  10 


Vista  not  the  only  call 
for  Microsoft  shops 


BY  JOHN  FONTANA 

The  hard  part  is  over:  Microsoft 
officially  rolled  out  the  Vista  client 
operating  system  last  week;  now 
it  must  persuade  users,  who 
have  more  desktop  op¬ 
tions  with  Linux  and 
Apple  OS  X,  that  the 
operating  system  is  the 
way  to  go. 

And  Vista,  which  has 
been  in  development  for  five 
years,  isn’t  the  only  decision  on 
the  table  for  corporate  IT.  Microsoft 
also  shipped  Office  2007  and  an¬ 
nounced  a  faux-launch  of  Exchange 


2007,  which  is  slated  to  be  generally 
available  early  this  month. 

Together  these  products  offer  a  for¬ 
midable  trio  of  software  upgrade 
decisions  that  will  require 
careful  consideration.  It  is 
the  first  time  in  1 1  years 
that  Microsoft’s  flagship 
products,  which  still  gen¬ 
erate  more  than  90%  of 
the  company’s  revenue, 
have  been  shipped  simulta¬ 
neously,  going  back  to  Windows 
95  and  Office  95. 

At  that  time,  the  Rolling  Stones’ 

See  Vista,  page  14 


YourTake 


Tea  Scott 

Pinkerton, 


communi¬ 


cations  infra¬ 
structure  department 
manager  at  Argonne 
National  Laboratory,  on: 

•  How  Argonne  went 
from  failing  to  acing 
security  audits. 

•  Getting  creative  with 
intrusion-detection 
systems. 

•  Worrying  about 
personally  identifiable 
information. 

Page  30 


Remote  access  is  no  longer  a  perk  for  the  few,  but  a  necessity  for  everyone. 
Microsoft®  Exchange  Server  2007  unifies  e-mail,  v-mail,  and  calendars  into  a  single 
system  with  advanced  security  that  connects  everyone  to  the  information  they  need, 
anywhere  they  go.  See  how  companies  are  giving  more  people  more  access  at 

microsoft.com/exchange 
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»  Employees  and  guests  bringing  in  more  than  business?  Protect  your  network  -  and  give  appropriate  access  - 
all  with  Juniper’s  Unified  Access  Control  v2.0. 

You  don’t  have  to  replace  your  switching  infrastructure  or  be  locked  into  one  vendor  to  get  the  security  you  need. 
Juniper’s  UAC  2.0  supports  open  standards  and  provides  enforcement  using  any  vendor’s  802.1X-enabled 
switches  and  access  points,  your  existing  Juniper  firewalls,  or  both.  And  a  single  UAC  deployment  gives  you 
security  for  guests,  contractors  and  employees  -  cross  platform.  Juniper  makes  any  network  more  secure: 

www.juniper.net/UAC 
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countries.  Page  40. 
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Clear  Choice  Test: 

Start-ups  ConSentry  and  Nevis  offer 
new  appliances  for  enterprise  network  access 
control.  Page  58. 


■  ConSentry’s  LANShield  controller  is  an 
in-line  firewall  with  NAC  functionality. 
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Clear  Choice  Test: 

HP's  Storage  Essentials  Enterprise  Edition  and  the 
Veritas  CommandCentral  Storage  4.3  from  Symantec 
score  high  in  our  test  of  storage  resource  management  wares.  Page  64. 
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Gates  Foundation  expands  digital-divide  initiative 

The  Bill  &  Melinda  Gates  Foundation  last  week  announced  a 
$328  million  plan  to  provide  computer  and  Internet  services 
through  public  libraries  in  developing  nations.  Botswana, 
Latvia  and  Lithuania  won  the  first  round  of  grants,  a  total  of 
$17.5  million.The  grants  are  aimed  at  creating  opportunities 
for  people  in  the  developing  world  to  access  the  Internet.  A 
portion  of  the  funds  will  be  set  aside  for  IT  training  programs. 
The  initiative  comes  amid  heightened  sensitivity  to  the  need 
to  bridge  the  digital  divide  in  developing  nations.  A  number  of 
companies  and  groups  are  working  to  provide  low-cost  IT 
products  and  Internet  access  to  poor  areas  of  the  world, 
including  the  One  Laptop  Per  Child  Group  led  by  Nicholas 
Negroponte,  a  co-founder  of  the  Massachusetts  Institute  of 
Technology  Media  Laboratory;  Via  Technologies,  which  is 
building  solar-powered  computer  centers;  and  Intel,  which 
has  pledged  $1  billion  over  five  years  for  computers  and 
Internet  access. 


U.S.  agency  recommends 
e-voting  paper  trail 

■  The  National  Institute  of  Standards 
and  Technology  has  recommended 
that  the  U.S. government  require  touch¬ 
screen  electronic  voting  machines  to 
include  independent  audit  technology 
such  as  printouts.'The  lack  of  an  inde¬ 
pendent  audit  capability  in  systems  is 
one  of  the  main  reasons  behind  con¬ 
tinued  questions  about  voting-system 
security  and  diminished  public  confi¬ 
dence  in  elections,”  says  a  NIST  paper 
released  this  month. “In  practical  terms 
the  software-dependent  approach  can¬ 
not  be  made  secure  or  highly  reliable.” 


The  Technical  Guidelines  Develop¬ 
ment  Committee  of  the  U.S.  Elections 
Assistance  Commission  is  scheduled 
to  review  NIST’s  recommendation  at  a 
meeting  Monday  and  Tuesday 

IBM  wins  data  center 
consolidation  contract 

■  IBM  announced  last  week  that  it 
won  a  seven-year, $863  million  contract 
to  consolidate  the  Texas  state  govern¬ 
ments  31  data  centers  into  two  facili¬ 
ties  in  San  Angelo  and  Austin. The  pro¬ 
ject  will  take  two  years  and  is  projected 
to  save  Texas  $25  million  in  2008  and 
See  News  Briefs,  page  6 
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2009  and  $159  million  over  the  base  contract  period, 
IBM  and  the  Texas  Department  of  Information 
Resources  said.  IBM  will  run  the  contract  and  provide 
mainframe  and  server  consolidation  and  IT  opera¬ 
tions.  Contract  partners  Unisys  will  provide  facilities 
management  and  data-center  operations.  Xerox  will 
provide  print  management  and  operations,  and  Pit¬ 
ney  Bowes  will  provide  mail  services.  AT&T  and  Dell 
also  are  part  of  the  contract,  offering  hardware,  soft¬ 
ware,  and  change  and  risk-management  services.  IBM 
said  it  would  meld  the  data  centers  into  an  existing 
13,000-square-foot  data  center  in  San  Angelo  and  a 
36,000-square-foot  data  center  it  is  creating  in  Austin. 

Watchdog:  Verizon,  Alltel  tops 

■  Just  in  time  for  the  holidays  Consumer  Reports  is 
scheduled  to  release  new  ratings  of  the  biggest  wire¬ 
less  service  providers  across  the  country  The  maga¬ 
zine  says  it  will  publish  in  its  Dec.  4  issue  a  story  that 
names  Verizon  as  tops  in  customer  satisfaction  in 
most  cities  surveyed,  with  Cingular  and  Sprint  getting 
the  lowest  ratings.  The  publication  says  that  43,000 
wireless  subscribers  in  20  markets  participated  in  sur¬ 
veys  used  to  create  the  ratings.  While  not  a  surprise  to 
anyone  who  has  used  a  cell  phone  for  any  length  of 
time,  call  quality  is  still  an  issue  for  many  consumers. 
Fifty-four  percent  of  respondents  who  switched  carri¬ 
ers  in  the  past  three  years  say  poor  call  quality  fueled 
the  switch, according  to  the  surveys.Only  33%  say  they 
switched  for  lower  rates.  One  interesting  fact,  accord¬ 
ing  to  the  publication,  is  that  the  relatively  small  wire¬ 
less  service  provider  Alltel  ranked  well  in  the  cities 
where  it  offered  service.  Alltel  is  considered  a  re¬ 
gional,  rather  than  national  wireless  service  provider. 

Business  Objects  to  acquire  Nsite 

H  Business  Objects  plans  to  acquire  Nsite 
Software,  which  develops  a  software-as-a-service 
delivery  platform,  in  a  move  to  offer  more  of  its 
own  products  over  the  Internet,  the  companies 
announced.  Business  Objects  said  it  will  integrate 
some  of  Nsite’s  software-as-a-service  technologies 
into  its  own  product  line,  allowing  it  to  release 
more  of  its  business-intelligence  software  in  the 
form  of  services  next  year.  Financial  terms  of  the 
acquisition  were  not  disclosed.  The  move  follows 
growing  interest  in  software-as-a-service,  which 
requires  users  to  have  only  an  Internet  connection 
and  little  or  no  software  installed  locally.  The  goal 
is  to  reduce  the  cost  of  deploying  and  maintaining 
applications.  Nsite  sells  a  product  called  On  De¬ 
mand  Enterprise,  used  by  companies  to  develop 
applications  that  can  be  accessed  over  the  Web 
through  a  browser.  It  also  offers  Application 
Center,  a  library  of  programs  for  delivering  over 
the  Internet,  called  Application  Center,  which 
includes  software  for  tasks  such  as  channel  man¬ 
agement,  quotes  and  sales.  It  also  offers  tools  for 
building  and  customizing  software-as-a-service 
applications. 
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<  Shopping  heaven.  Online  retailers 
proved  able  to  deliver  the  goods  on  Nov.  27,  which 
some  call  Cyber-Monday  in  recognition  that  it  is  per¬ 
haps  the  busiest  online  shopping  day  of  the  year. 
Keynote  Competitive  Research,  which  watches 
Web  site  performance,  said  shoppers  suffered 
few  of  the  performance  problems  they  experi¬ 
enced  on  the  day  after  Thanksgiving,  when  retailers 
such  as  Wal-Mart  struggled  to  keep  up  with  online 
consumers. 


Storage  spending  rises 

■  Companies  are  reaching  deeper 
into  their  pockets  to  add  data  storage 
capacity  to  their  computer  networks, 
according  to  an  industry  report 
released  last  week.  Worldwide  rev¬ 
enue  for  external  disk  storage  systems 
rose  to  $4.3  billion  in  the  third  quarter 
of  2006,  a  9.9%  increase  compared 
with  the  same  period  last  year,  accord¬ 
ing  to  IDC.This  is  the  14th  consecutive 
quarter  of  storage  revenue  growth,  a 
trend  IDC  attributes  to  more  companies  buying  stor¬ 
age  because  of  the  demand  to  save  more  data,  and  to 
existing  customers  buying  larger  capacity  systems. 
While  the  cost  per  megabyte  of  storage  has  contin¬ 
ued  to  decline,  the  average  selling  price  of  systems 
has  continued  to  rise,  because  enterprises  are  buying 
larger  capacity  storage.  The  market  share  rankings  of 
the  top  storage  vendors  were  unchanged  in  the  latest 
report.  EMC  kept  the  No.  1  spot,  with  a  21.4%  share  on 
an  18%  increase  in  revenue  over  the  year-ago  quarter 
to  $927  million.  HP  ranked  second,  with  a  17.6%  share 
on  just  1.8%  revenue  increase  to  $760  million. 


Leveling  criticism  at  Level  3.  Level  3  s  buying 

binge  elicited  this  comment  from  Victor  Schnee,  president  of  consul¬ 
tancy  Probe  Financial  Associates:  "They  haven't  been  able  to  build  any¬ 
thing  resembling  a  real  business  on  their  own,  so  it  makes  sense  that 
they  would  try  to  buy  one  through  acquisitions," 

Cell  phone  lost  and  found.  Where's  the  best  place 
to  look  for  a  lost  mobile  device?  Maybe  a  taxi  cab.  A  survey  issued  by 
a  mobile  security  company  last  week  revealed  that  during  the  past  six 
months  nearly  12,000  electronic  devices  were  left  in  cabs  in  the  San 
Francisco-Oakland  Bay  (3,106  devices)  and  Washington,  D.C.-Baltimore 
(8,701  devices)  areas. 
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“What  are  we  doing  about 
Vista?  In  one  word:  Apple.” 


Jim  Tieri,  director  of  IT  for  Holland  Co.  a  Crete,  III.,  manufacturer 
of  railway  welding  and  maintenance  equipment 

See  story  page  1 


Gov’t  extends  VeriSign  contract 

■  The  Department  of  Commerce  has  approved  an 
agreement  for  VeriSign  to  continue  to  operate  the 
.com  domain  for  six  more  years,  despite  objections 
about  pricing  and  security  The  agreement  was  sub¬ 
mitted  by  the  Internet  Corporation  for  Assigned 
Names  and  Numbers,  the  nonprofit  organization  that 
oversees  the  Internet’s  technical  infrastructure, 
VeriSign  announced  last  week.The  current  .com  con¬ 
tract  expires  in  late  2007.  The  approval  comes  even 
though  domain-name  registrar  GoDaddy.com  in 
September  criticized  the  deal,  saying  it  should 
include  infrastructure  build-out  requirements  and 
make  the  company  justify  built-in  price  increases. 
Also  in  September,  registrar  Network  Solutions 
released  a  report  saying  ICANN  has  failed  to  address 
security  in  its  latest  proposals  for  the  .com,  .biz,  .info 
and  .org  top-level  domains.  A  Network  Solutions  offi¬ 
cial  said  the  company  was  disappointed  that  the 
Commerce  Department  approved  the  agreement  “in 
the  face  of  widespread  opposition.” 


Alcatel-Lucent  deal  closes 

■  Alcatel-Lucent,  a  global  communications  giant 
with  combined  annual  revenue  of  more  than  $24  bil¬ 
lion,  officially  debuted  last  week  after  a  sometimes 
rocky  engagement  between  the  two  companies.  The 
deal  closed  Thursday,  about  eight  months  after  it  was 
announced  and  following  national  security  con¬ 
cerns,  investor  lawsuits  and  a  close  shareholder  vote. 
On  Friday,  the  company  began  trading  on  the 
Euronext  Paris  exchange  and  the  New  York  Stock 


Exchange  under  the  ticker  symbol  ALU.  Both  compa¬ 
nies  were  among  the  largest  suppliers  of  wired  and 
wireless  infrastructure,  and  the  combined  entity 
boasts  impressive  statistics:  79,000  employees  in  130 
countries,  about  23,000  of  whom  work  in  R&D,  a  ser¬ 
vices  team  of  more  than  18,000  and  customer  rela¬ 
tionships  with  the  100  largest  service  providers  in  the 
world.  The  consolidation  comes  as  carriers,  the  con¬ 
sumers  of  telecom  gear,  also  combine  into  fewer  and 
bigger  entities. 

CERT  issues  terrorism  alert 

■  The  Computer  Emergency  Readiness  Team  has 
warned  U.S.  banks  and  financial  institutions  of  a 
threatened  cyberattack  by  Al-Qaeda  terrorists.  The 
group  called  on  allies  to  attack  the  Web  sites  of  U.S. 
financial  institutions  in  December  in  retaliation  for 
the  United  States  holding  suspected  terrorists  at  the 
Guantanamo  Bay  Cuba,  prison  camp,  according  to  a 
U.S.  government  source.  CERT,  part  of  the  Department 
of  Homeland  Security,  sent  out  the  alert  Thursday,  but 
it  has  “no  information  to  collaborate  the  threat,”  said 
Joanna  Gonzalez,  a  DHS  spokeswoman. The  alert  was 
“really  sent  out  of  an  abundance  of  caution,”  she 
added.  Such  alerts  are  “not  uncommon,”  Gonzalez 
said,  although  she  declined  to  give  details  about  how 
often  CERT  issues  alerts.  Asked  whether  Al-Qaeda  has 
the  ability  to  carry  out  such  a  threat,  Gonzalez  said  she 
didn’t  have  that  information. 

COMPENDIUM 

You're  toast 

Send  Your  Name  on  Toast  at  least  $20  (all 
proceeds  go  to  charity),  and  they  will  write 
your  name  on  a  piece  of  toast,  photograph  it, 
then  send  you  a  copy  for  use  as  a  badge  of 
honor,  or  something,  on  yourWeb  site.  Read 
more  at  www.nwdocfinder.com/6356. 


Internet.  Voice. 
Entertainment  - 
All  at  Once.  Anywhere. 

The  holidays  are  a  time  for  connecting  with  friends  and 
family.  A  Wireless-N  network  from  Linksys  Sets  you  gift 
shop  online,  view  treasured  photos  and  videos,  enjoy 
festive  music  and  make  Internet  phone  calls  -  all  at  the 
same  time! 

Wireless-N  handles  voice,  Internet  and  entertainment 
up  to  12x  faster  and  with  up  to  4x  the  range  of  standard 
Wireless-G,  yet  works  seamlessly  with  Wireless-G  and 
-B  devices.  It  virtually  eliminates  dead  spots,  making  it 
great  for  larger  homes  and  home  offices. 

Linksys  Wireless-N  makes  it  easy  to  connect  for  the 
holidays. 


Linksys  is  a  registered  trademark  or  trademark  of  Cisco  Systems,  Inc.  and/or  its  affiliates  in  the  U.S.  and  certain 
other  countries.  Copyright  ©  2006  Cisco  Systems,  Inc.  All  rights  reserved. 


WRT300N  Wireless-N  Broadband  Router 


For  more  information  on  the  new  Linksys  Wireless-N  products, 
visit  www.Linksys.com,  or  call  1  -800-737-7201 . 


Cisco  Systems 


PEER8AY 

From  our  online  forums 


■  Commenting  on  articles. 

We’ve  rolled  out  our  new  com¬ 
menting  system  —  so  now  you 
can  post  your  thoughts  on 
almost  every  article  on 
NetworkWorld.com.  When  you 
scroll  to  the  bottom  of  some 
pages,  you'll  see  a  box  that 
either  lets  you  start  a  discus¬ 
sion  or  jump  into  one. 

■  The  ancient  Greek  calcu¬ 
lator.  We've  done  a  couple  of 
stories  on  the  Antikythera 
Mechanism.  Andrew  Ramsey, 
part  of  the  team  who  investi¬ 
gated  the  device,  blogged  from 
a  conference  in  Greece  on  the 
calculator  for  us:  “As  a  dedi¬ 
cated  solar  eclipse  chaser 
myself,  I  can  understand  the 
ancients'  fascination  with 
these  phenomena,  so  to  find 
out  that  this  Mechanism's  pri¬ 
mary  role  was  to  predict  both 
solar  and  lunar  eclipses  was  a 
wonderful  revelation." 
www.nwdocfinder.com/6345 

■  Security,  storage  consoli¬ 
dation.  The  news  that 
Symantec  is  buying  the  assets 
of  data-protection  vendor 
Revivio  gets  one  user  wonder¬ 
ing  who's  next:  “Mimosa, 
Mendocino,  Timespring?" 
www.nwdocfinder.com/6346 

■  Desktop  spam  filtering.  A 

blog  post  by  News  Editor  Paul 
McNamara  on  Yet  Another 
Antispam  Service  gets  read¬ 
ers  discussing  their  own  per¬ 
sonal  antispam  techniques. 
Some  argue  for  the  delete  key; 
others  say  that's  absurd, 
www.nwdocfinder.com/6347 

IS  GCIE.  Michael  Clark  got  his 
CCIE  in  1998  and  reports  on  its 
difficulty:  "If  you  want  it,  go  for 
it.  Expect  to  work  hard  and 
keep  trying.  Even  in  the 
attempt  you  will  learn  some¬ 
thing  and  be  more  confident 
and  competent  in  your  chosen 
career —  and  isn't  that  point?" 
www.nwdocfinder.com/6376 

m  Microsoft,  Novell  and 
Linux.  Jump  into  the  debate. 
Imric  concludes  an  analysis: 
"As  for  running  Linux  on 
Windows,  why  would  anybody 
do  that?  Seriously,  it's  the 
worst  of  both  worlds." 
www.nwdocfinder.com/6377 
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FOLLOW  THESE  LINKS  TO  MORE  RESOURCES  ONLINE 


BLOGOSPHERE 


Bill  Gates  for  president9 

Plus:  Google’s  menu  and  the  downside  of  rebates. 


Gates  for  president?  There  is  a  movement,  of 
sorts,  to  elect  Bill  Gates  president  of  the  United 
States  —  or  at  least,  there’s  a  Web  site.  And  now 
Dilbert  comic  strip  creator  Scott  Adams  has 
thrown  his  support  behind  the  idea.  Paul  McNa¬ 
mara  investigates  in  Buzzblog.  www.nwdoc 
finder.com/6370 

Eat  at  Google’s.  Layer  8  this  week  salivates  over 
Google’s  cafeteria  menu. The  food  at  the  compa¬ 
ny’s  gigantic  New  York  headquarters  sounds,  well, 
scrumptious.  Its  inaugural  menu  includes  “Beef 
Bourguignon,  Braised  Mangalore  Salmon  in  Co¬ 
conut  Milk,  Wild  Striped  Bass  en  Papillote,  Beet¬ 
root-Marinated  Tofu  With  Chile  Scallion  Glaze 
and  much  more.”  wwwnwdocfinder.com/6371 

Run  from  rebates.  Lab  Alliance  member 
James  Gaskin  writes:  “Don’t  get  suckered  while 
doing  your  Christmas  or  end-of-year  tax-writeoff 
shopping  this  December:  avoid  rebates.The  price 


tempts  you,  but  realize  your  chance  of  getting 
your  rebate  money  is  far  lower  than  you  think.”  He 
points  to  another  column,  a  Dilbert  cartoon  and 
a  series  he  wrote  on  problems  getting  a  rebate 
from  Dell,  www.nwdocfinder.com/6372 

Wow,  an  80386  for  $2,600!  Jason  Meserve  takes 
a  trip  down  memory  lane,  when  memory  cost 
$800  for  2MB.  He  links  to  an  old  Radio  Shack  ad 
for  a  16MHz  system  that’s  “OS/2  ready!’ Just  $2,599. 

www.nwdocfinder.com/6373 

Lower  power  consumption  is  hot. 

Executive  Online  Editor  Adam  Gaffin  looks  at  a 
post  on  data-center  cooling  and  power  require¬ 
ments  by  Intel’s  Bradley  Ellison,  who  acknowl¬ 
edges  a  debate  within  Intel  among  chip  design¬ 
ers  on  the  need  for  lower-powered  chips  and 
speed,  but  adds  the  company  is  trying  to  reduce 
chip  power  requirements,  www.nwdocfind 
er.com/6374 


Hot  Seat  interviews,  the  coolest  tools,  and  more 


Hot  Seat: 

Protect 
your 
data! 

NetApp’s 
Manish  Goel  discusses 
how  the  company’s  data 
protection  and  retention 
systems  can  keep  the 
learning  curve  and  mainte¬ 
nance  requirements  low. 
www.nwdocfinder.com/6367 


Cool  Tools: 

A  look  at 
the  Treo 
680.  With 
Keith 

Shaw  feeling  under  the 
weather,  Jason  Meserve 
fills  in  with  a  quick  report 
on  the  newTreo  680  device, 
available  for  Cingular  cus¬ 
tomers. 

www.nwdocfinder.com/6368 


Twisted 
pair:  On 

the  road 
again . . . 

Jason  and 
Keith  check  in  from  the  IT 
Roadmap  tour  in  San 
Francisco  and  chat  about 
Cyber  Monday/Black  Friday 
hits  and  misses,  plus  a 
possible  Mozilla  Firefox 
browser  flaw. 
www.nwdocfinder.com/6369 


ASK  THE 

HELPDESK  Find  the  answers  to  these  prickly  problems  online. 

This  week:  Getting  out  of  a  dead-end  job. 


Ron  Nutter  helps  a  user  decide  which  certifi¬ 
cations  to  pursue  to  get  out  of  a  dead-end  job. 

Help  desk  response: 
www.nwdocfinder.com/6348 


Columnist  Dave  Kearns  ponders  the  future  of 
NetWare. 

Help  desk  response: 
www.nwdocfinder.com/6350 


Robin  Gareiss  looks  at  how  to  structure  sup¬ 
port  for  remote  offices. 

Help  desk  response: 
www.nwdocfinder.com/6349 


Storage  newsletter  author  Mike  Karp  looks  at 
the  growing  SMB  storage  market. 

Help  desk  response: 
www.nwdocfinder.com/6351 


BEST  OF  NW’S 

NEWSLETTERS 

Mobile 
security  lags 
compliance 
efforts 

Plus:  The  Microsoft 
Vista  Hype  Machine 
in  full  gear. 

Wireless  in  the  enterprise: 

There  is  a  frightening  lag 
between  organizations’  zeal  to 
use  mobile  devices  and  their 
ability  to  deploy  them  in  a  way 
that  complies  with  regulatory 
security  mandates.  Business 
managers  are  pointing  the  fin¬ 
ger  at  IT,  while  IT  is  pointing 
right  back. 

www.nwdocfinder.com/6352 

Unified  communications: 

Unified  messaging  offers  the 
potential  for  significant  gains  in 
user  productivity  and  reduced 
IT  investments  in  managing  dis¬ 
parate  elements  of  corporate 
infrastructure.  However,  Analyst 
Michael  Osterman  notes  that 
employing  a  unified  messaging 
system  presents  some  potential 
difficulties. 

www.nwdocfinder.com/6353 

Small  business  technology: 

The  Microsoft  Vista  Hype 
Machine  has  been  running  at 
high  gear  since  Vista’s  release 
on  Nov.  30  for  businesses  with 
license  agreements  and  will 
peak  again  in  Jan.  30  for  the 
consumer  release.  Should  you 
succumb  and  try  to  upgrade  to 
Vista  now? 

www.nwdocfinder.com/6354 

Network  optimization:  Blue 
Cross  and  Blue  Shield  of  Kansas 
City  went  shopping  for  an  appli¬ 
cation  layer  firewall  and  pur¬ 
chased  a  product  that  helped  it 
reduce  page-load  times  by  96% 
on  its  Web  site  —  while  staying 
compliant  with  HIPAA. 
www.nwdocfinder.com/6355 


Free  e-mail  newsletters 

Sign  up  for  any  of  more  than  40 
newsletters  on  key  network  topics. 

www.nwdocfinder.com/1 002 


SECURING  PRODUCTIVITY 


www.websense.com/security 


Web  Security 

■p  jilt  jyp 

Web  Filtering 
Endpoint  Security 
We  b  s  enro^  Sj^iurity  Labs' 


Crimeware  takes  many  forms — keyloggers,  spyware,  Trojan  horses — but  has  only  one 
purpose,  to  compromise  your  defenses.  Websense  searches  more  than  75  million  websites 
every  day  to  find  these  threats  before  they  can  strike.  Because  they  will  stop  at  nothing. 

Get  proactive. 
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continued  from  page  1 

security  associations  in  a  GET 
VPN  are  timed  to  expire  after  a 
designated  period.  Periodically, 
the  key  server  pushes  new  keys  to 
the  group-member  routers  via 
multicast  —  or  multicast  rekeying 
—  before  the  security  associa¬ 
tions  expire  on  the  routers. 


Members  of  a  GET  group  essen¬ 
tially  are  IP  multicast  group  mem¬ 
bers,  but  they  exchange  IPSec  en¬ 
cryption  key  data,  letting  them 
communicate  securely  over  an 
untrusted  network. 

In  traditional  site-to-site  VPN 
tunnel  setups,  IPSec  VPN  tunnels 
are  established  and  maintained 
among  sites,  creating  a  secure 
hub-and-spoke  network  laid  on 


top  of  the  public  routed  Internet. 
This  makes  large  VPNs  hard  to 
set  up  and  limits  the  traffic  paths, 
because  all  devices  and  paths 
must  be  predefined,  technology 
watchers  say. 

“In  a  large,  fully  meshed  VPN, 
you  have  to  tell  each  endpoint 
where  the  other  endpoints  are 
and  build  a  lot  of  routes,”  says 
Zeus  Kerravala,  an  analyst  with 
Yankee  Group.  “Then  there  is  a 
whole  routing  table  that  gets  built 
underneath.  It’s  not  the  simplest 
thing  to  manage.  It’s  not  as  easy  as 
it  should  be.” 

Cisco  says  a  GET  VPN  lets  cus¬ 
tomers  use  the  basic,  routed  In¬ 
ternet  infrastructure  without  the 
VPN  tunnel  overlay  “We  describe 
[GET  VPN]  as  routing  the  way  you 
know  and  love  —  just  encrypted 
—  but  with  all  the  efficiencies 
built  into  the  routed  network,” says 
Inbar  Lasser-Raab,  a  product  mar¬ 
keting  director  at  Cisco.  “If  cus¬ 
tomers  are  using  a  hub-and- 
spoke,  they  will  see  an  improve¬ 
ment  in  latency  because  they’re 
just  using  a  routed  network.” 

Cisco  is  not  saying  how  much 
the  improvement  is.  Although  it 
has  collected  data  on  latency  and 
performance  differences  between 
its  own  IPSec  tunnel  and  GETVPN 
technologies,  the  company  is  not 
releasing  the  data.The  IOS  release 
that  contains  GET  is  Version 
12.4(1 1)T,  and  will  operate  on 
Cisco’s  1800,2800  and  3800  series, 
branch-office  Integrated  Services 
Routers,  as  well  as  on  the  Cisco 
7200  and  7300  series  WAN-aggre- 
gation  routers. 

VPN  dynamics 

Cisco  and  other  vendors,  such 
as  Juniper  and  Check  Point,  have 
technologies  that  can  make  set¬ 
ting  up  IPSec  VPN  tunnels  more 
dynamic  and  that  emulate  fully 
meshed  networks  where  nodes 
have  direct  links  to  each  other. 
Cisco,  for  example,  has  Dynamic 
Multipoint  VPN  (DMVPN),  an  IOS 
feature  that  lets  routers  in  hub- 
and-spoke  IPSec  VPNs  set  up  tun¬ 
nels  between  spokes  dynamically 

“[DMVPN]  helps  bypass  the 
hub-and-spoke  [topology]  and 
creates  more  of  a  mesh,”  says 
Robert  Whiteley  a  senior  analyst 
at  Forrester  Research. “It  gives  you 
a  more  automated  setup  of  tun¬ 
nels,  but  it  doesn’t  bypass  the  over¬ 
all  problem.  .  .  .You  still  have  to 
physically  say,  here  is  the  network 
topology 

Whiteley  says  a  GETVPN  would 

See  Cisco,  page  12 


Cisco  to  bolster  video  portfolio 

Cisco  this  week  is  expected  to  unveil  a  series  of  new  and 
enhanced  products  designed  to  let  carriers  deliver  applica¬ 
tion-  and  subscriber-aware  video  services. 

The  announcements  are  slated  for  this  week's  ITU  Telecom 
World  conference  in  Hong  Kong. 

Among  the  new  products  are  the  Cisco  Content  Delivery 
System  (CDS),  which  is  a  network  of  appliances  Cisco  calls 
Content  Delivery  Engines  (CDE)  that  collect,  store,  distribute,  per¬ 
sonalize  and  stream  content. 

CDEs  form  a  virtual  platform  on  which  a  variety  of  so-called 
Content  Delivery  Applications  can  be  deployed.  The  CDS  expe¬ 
dites  content  delivery —  personalized  entertainment,  interactive 
media  and  targeted  advertising  —  to  subscribers'  televisions,  and 
to  PCs,  mobile  handsets  and  other  multimedia-capable  devices. 

The  CDS  is  installed  at  Charter  Communications  and  Time 
Warner  Cable,  and  is  in  trials  with  a  number  of  wireline  providers 
around  the  world,  Cisco  says. 

Among  the  enhanced  products  are  Cisco’s  7600  series  router, 
which  now  supports  Cisco's  Intelligent  Services  Gateway,  which 
provides  policy  control,  service  control  and  subscriber  manage¬ 
ment.  Further  enhancements  include  integration  of  video/voice 
Session  Border  Control  for  IP  Multimedia  Subsystem  and  non- 
IMS  applications. 

A  future  enhancement  to  the  7600  router  is  a  capability  Cisco 
calls  Visual  Quality  Experience  (VQE),  which  will  improve  the  qual¬ 
ity  of  video  service  and  viewing  experiences  by  enabling  network- 
based,  rapid  channel-change  and  video  error  repair. 

VQE  supports  such  industry  standards  as  Real-timeTransport 
Control  Protocol  and  Real-timeTransport  Protocol  to  help 
providers  detect  and  repair  packet  loss  on  degraded  lines.  VQE 
initially  will  ship  as  an  appliance  but  will  be  integrated  into  the 
7600  series  routers  soon,  Cisco  says. 

The  6-year-old  7600  router,  considered  by  some  observers  to  be 
long  in  the  tooth,  continues  to  be  Cisco's  workhorse  platform  for 
Ethernet-based  edge  applications,  such  as  video,  for  businesses 
and  consumers. 

"We  have  a  platform  that  is  very  strong  on  Ethernet,  and  we're 
increasingly  adding  capabilities  to  it  that  are  higher-level  services," 
says  Mike  Volpi,  senior  vice  president  of  Cisco’s  Router  and 
Service  Provider  Technology  group.  “The  7600  road  map  is  very 
rich  in  those  broad  ranges  of  new  services.” 

“The  7600  we  sell  today  bears  no  resemblance  to  the  one  we 
sold  six  years  ago,"  Volpi  adds.  Sales  of  the  7600  grew  in  excess  of 
40%  over  the  past  year,  he  says. 

Services  enabled  by  these  new  and  enhanced  products  will  be 
delivered  to  residential  and  business  customers  via  Cisco’s 
Scient if ic-Atlanta  set-top  boxes.  Cisco  acquired  Scientific- 
Atlanta  a  year  ago  for  $6.9  billion. 

Cisco  also  is  expected  to  announce  this  week  that  Scientific- 
A  i  Santa  has  shipped  more  than  30  million  set-top  boxes  and  more 
than  6  million  digital  video  recorders. 

—  Jim  Duffy 


Cisco’s  GET  VPN  topology 

A  new  IOS  feature  lets  Cisco  routers  be  set  up  in  multi-path, 
full-mesh  VPN  configurations  without  the  establishment  of 
stateful  IPSec  VPN  tunnels,  the  company  says. 


Key  server 


Q  Group  members  register  with  the  key  server.  The  key  server  authenticates  and 
authorizes  the  members  and  downloads  the  IPSec  policy  and  keys  that  are 
necessary  for  them  to  encrypt  and  decrypt  IP  multicast  packets. 

El  Group  members  exchange  IP  multicast  packets  that  are  encrypted  using  IPSec. 

H  As  needed,  the  key  server  pushes  a  rekey  message  to  the  group  members  that 
contains  new  IPSec  policy  and  keys  to  use  when  old  IPSec  security  associations 
expire.  Rekey  messages  are  sent  in  advance  of  the  security  associations 
expiration  time  to  ensure  that  valid  group  keys  are  always  available. 


Cisco  boosts  connectivity 

Cisco  is  expected  to  announce  new  hardware  modules  for  its 
Integrated  Services  Router  line  that  add  network  manage¬ 
ment  and  monitoring,  as  well  as  connectivity  options,  such 
as  cable  broadband,  DSL  and  metro  Ethernet. 

The  new  modules  for  the  ISR  1800,  2800  and  3800  series  routers 
are  a  Network  Analysis  Module  (NAM)  and  WAN  interface  cards 
that  support  cable  modem,  metro  Ethernet  and  high-bit-rate  DSL 
links.  An  upgrade  to  the  ISR  Services  Engine  blades,  used  for 
various  add-on  features  such  as  VoIP  and  content  networking, 
also  is  planned. 

The  NAM  card  for  the  ISR  provides  the  same  features  as  the 
NAM  card  previously  available  for  the  Catalyst  6500  switch  — 
real-time  traffic  monitoring,  packet  capture  tools,  and  inspection 
of  capabilities  for  individual  user  and  application  flows,  using 
Cisco's  NetFlow  network  management  and  analysis  technology. 

“The  NAM  module  replaces  having  to  run  around  with  a  sniffer 
to  collect  data  about  traffic  patterns,”  says  Zeus  Kerravala,  an 
analyst  with  Yankee  Group. 

The  previous  NAM  module  was  able  only  to  provide  traffic 
analysis  for  LAN  or  campus  networks  where  a  NAM-enabled 
Catalyst  6500  switch  was  operating.  Putting  a  NAM  blade  into  a 
branch-office  router  could  help  businesses  get  a  better  handle 
on  traffic  problems  and  troubleshooting  for  the  WAN,  he  adds. 

The  Services  Engine  card  for  the  ISR  series  is  an  Intel-based 
Linux  blade  appliance  that  runs  extra  services  on  top  of  the 
router's  basic  WAN  routing  and  security  functions.  The  new  blade 
has  an  upgraded  processor  and  software  that  more  than  doubles 
the  performance  of  the  previous,  according  to  Cisco.  The  new 
Services  Engine  hardware  and  software  provides  as  much  as 
100Mbps  of  throughput  for  traffic  for  the  various  services  that 
can  run  on  the  blade.  These  include  CallManager  Express  VoIP, 
stateful  firewall  inspection,  standard  (non-Group  Encryption 
Transport)  IPSec  VPN  connectivity  and  content  caching, 

—  Phil  Hochmuth 


L 


If  you  buy  a  storage  system  now,  why  not  choose  one  that  can  also 
address  your  data  needs  later?  Take  the  IBM  System  Storage™  DS4200 
Express.  It  scales  from  1TB  to  56TB  and  anywhere  in  between1  - 
more  than  some  of  its  biggest  competitors.2  It’s  also  more  compatible 
with  more  operating  systems,  giving  you  a  simple  and  cost-effective 
way  to  grow.3  Because  with  IBM,  innovation  comes  standard. 

SCALES  FROM  GOT-IT-COVERED  TODAY 
TO  WE-CAN-HANDLE-IT  TOMORROW. 


IBM  System  Storage  DS4200  Express 


An  easy-to-use  disk  system  for  managing  your  growing  data  needs, 
with  a  comprehensive  hardware/software  3-year  limited  warranty4 


Industry-standard  19"  rack 

Scales  from  1TB  to  56TB,  helping  to  protect  your  investment  as  you  grow 
Heterogeneous  OS  support  -  no  other  midrange  disk  storage  product  is  more  compatible 
Supports  unique  4  Gbps  interface;5  500GB  SATA  II  hard  disk  drives1 
Fibre  Channel  Switched  (FC-SW)  and  Fibre  Channel  Arbitrated  Loop  (FC-AL)  standard 
Complimentary  installation  and  configuration  courseware  CD 

From  $11,474*  or  $297/month6 


"Price  does  nol  include  hard  drives.  A  minimum  of  !wo  hard  drives  is  required  All  prices  are  I8MS  estimated  retail  selling  prices  as  of  October  4,  2006.  Prices 
may  vary  according  to  configuration.  Resellers  set  their  own  prices,  so  reseller  prices  to  end  users  may  vary.  Products  are  subject  to  availability.  This  document  was 
develops  for  offerings  in  the  United  States.  IBM  may  not  offer  the  products,  features  or  services  discussed  in  this  document  in  older  countries.  Prices  subject  to 
clwnge  without  notice.  Contact  your  IBM  representative  or  IBM  Business  Partner  for  the  most  current  pricing  in  your  geography  I  Denotes  raw  storage  capacity;  usable 
storage  capacity  may  be  less  than  slated.  Capacity  stated  in  uncompressed  mode  followed  by  capacity  using  data  compression  technology.  2,  Compared  to  EMC 
CLARiiON  CX300  and  HP  StorageWorks  MSA  1000.  3.  Compared  to  HP  StorageWorks  MSA  1000,  HP  StorageWorks  MSA  1500  and  EMC/Dell  AX150.  4  IBM 
hardware  products  am  manufactured  from  new  [arts,  or  new  and  serviceable  used  parts.  Regardless,  our  warranty  terms  apply.  Telephone  support  may  Ik  subject  to 
additional  charges  For  on-site  labor,  I8M  will  atlempl  to  diagnose  and  resolve  the  problem  remotely  before  sending  a  technician.  On-sile  warranty  is  available  only 
for  selected  components.  5.  As  compared  lo  other  major  storage  vendors.  6.  IBM  Global  Financing  offerings  aie  provided  fhrough  IBM  Credit  LLC  in  the  United  States 
and  other  IBM  subsidiaries  and  divisions  worldwide  to  qualified  commercial  and  government  customers.  Monthly  payments  provided  are  tor  planning  puiposes  only 
and  may  vary  based  on  your  credit  and  other  factors,  lease  offer  provided  is  based  on  an  FMV  lease  ol  36  monthly  payments.  Other  restrictions  may  apply.  Rates  and 
offerings  are  subject  to  change,  extension  or  withdrawal  without  notice.  IBM,  tfie  IBM  logo  and  System  Storage  are  trademaiks  or  registered  trademaiks  ol  International 
Business  Machines  Corporatton  in  the  United  States  and/or  other  countries.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  otheis. 
©  2006  IBM  Corporation  All  rights  reserved 
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PAY  $0  FOR  THE  NEXT  3  MONTHS. 
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and  defer  payment  for  the 
next  3  months. 
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Year  ends  with  security  undertakings 

Goldman  Sachs  embraces  DRM;  military  targets  mobile  security. 


ttWe’d  like  to  get  rid  of 
passwords  and  user 
names.55 

Pete  Butt,  chief  engineer  at  the  Naval  Air 
Systems  Command 


BY  ELLEN  MESSMER 

As  the  year  winds  up,  IT  man¬ 
agers  from  Wall  Street  to  the  mili¬ 
tary  say  they’ve  kicked  off  ambi¬ 
tious  projects  to  bolster  security 
within  their  organizations. 

At  New  York-based  investment 
firm  Goldman  Sachs,  one  project 
under  the  direction  of  Tom  Quinn, 
vice  president  of  information 
security,  entails  adding  desktop 
software  for  digital  rights  manage¬ 
ment  (DRM)  to  restrict  viewing, 
printing  or  changing  financial 
data.  Adding  the  DRM  software 
made  by  Liquid  Machines,  and 
training  employees  to  work  under 
more  restrictive  file-sharing  guide¬ 
lines,  pose  a  challenge,  Quinn 
acknowledges.  But  he  foresees  a 
broad  benefit  of  policy  enforce¬ 
ment  through  file  encryption. 

“What  can  we  do  to  raise  the 
bar?  What  can  we  do  to  help  peo¬ 
ple  not  make  mistakes?”  asks 
Quinn. 

While  employees  are  expected 
to  follow  policy  guidelines  that 
govern  sharing  of  electronic  files, 
the  addition  of  the  Liquid  Ma¬ 
chines  DRM  software  puts  a  tangi¬ 
ble  barrier  in  place  that  keeps 
data  encrypted  unless  the  recipi¬ 
ent  is  authorized  to  view,  change 
or  print  the  information. 

The  Goldman  Sachs  DRM  de¬ 
ployment  commences  this  month 
with  the  integration  of  the  Liquid 
Machines  API  into  the  higher-risk 
banking  applications  so  an  autho¬ 
rized  manager  can  control  desk¬ 
top  services  for  DRM. 

At  first  there  will  be  100  employ¬ 
ees  working  under  the  new  DRM 
policy  enforcement,  but  “we  envi¬ 
sion  it  on  all  desktops  eventually 
Quinn  says.  He  adds  that  it’s  taken 
Goldman  Sachs  almost  five  years 
to  prepare  for  a  rollout  of  DRM. 

In  the  Navy 

In  the  U.S.  Navy  the  desire  for 
improved  mobile  security  in  bat¬ 
tle  conditions  also  is  prompting  a 
new  look  at  the  possibilities  for 
high-security  authentication  and 
access  to  the  Department  of 
Defense  computer  systems. 

“We’d  like  to  get  rid  of  passwords 
and  user  names,”  says  Pete  Butt, 
chief  engineer  at  the  Naval  Air  Sys¬ 
tems  Command  headquartered 
in  Patuxent  River,  Md.,  where  test¬ 
ing  and  evaluation  of  network 


equipment  for  Navy  use  is  done. 
“One  of  the  biggest  problems  is 
there  are  so  many  of  them,  they 
have  to  be  complex  and  no  one 
can  remember  all  of  them.” 

The  Navy  is  eager  to  identify  a 
mobile  fingerprint-based  system 
that  would  support  both  comput¬ 
er  and  building  access.  To  that 
end,  30  users  at  the  Naval  Air 
Systems  Command  are  testing  a 
handheld  device  called  the 
Mobio  made  by  start-up  Cryptolex 
Trust  Systems. 

“This  is  healthy  technology  we’ll 
probably  end  up  using,"  says  Butt 
about  the  Mobio,  which  not  only 
supports  biometric  scanning  of 
fingerprints  but  also  one-time 
password  authentication  and  VPN 
methods. 

Mobio  converts  a  fingerprint 
biometric  to  a  biocode  that  can 
be  used  to  establish  one-time  sin¬ 
gle  sign-on  for  applications  by 
using  the  Cryptolex  software  pro¬ 
gramming  interfaces. 

“You  could  use  the  Mobio  to  log 
into  the  Web,”  Butt  says.  “And  we 
could  use  this  to  positively  identi¬ 
fy  access  to  routing  switches  — 
we  operate  the  backbone  net¬ 
work  for  the  Navy  and  run  the  net¬ 
working  systems.” 

Navy  personnel  today  makes 
use  of  the  military’s  Common 
Access  Card  for  computer  access, 
“but  with  this,  you’re  still  back  to 
relying  on  those  user  names  and 
passwords,"  Butt  says.  If  the 
Cryptolex  Mobio  tests  work  out 
within  the  Navy’s  research  envi¬ 
ronment,  the  broader  use  would 
likely  be  the  Navy  Marine  Corps 
Intranet  serving  hundreds  of  thou¬ 
sands  of  users. 

Banks  fight  cybercrime 

As  2006  fades  and  2007  looms 
on  the  horizon,  the  retail  banking 
sector  is  another  industry  com¬ 
pelled  to  innovate  in  order  to  fight 
cybercrime. 

BBVA  Bancomer,  a  Mexican 
bank  with  about  10  million  cus¬ 
tomers,  found  fraud  was  becom¬ 
ing  a  problem  in  its  online  bank¬ 
ing  service  over  the  past  few 
years.“lt  was  easy  for  fraudsters  to 
get  passwords,  mostly  when  cus¬ 
tomers  were  using  public  ser¬ 
vices,  such  as  at  hotels  and  air¬ 
ports,”  says  Gaston  Huerta,  Banc- 
omer’s  director  of  fraud  detection. 


Bancomer  began  beta-testing 
an  online  fraud-prevention  ser¬ 
vice  called  Falcon  Online  Access 
under  development  by  a  compa¬ 
ny  called  Fair  Isaac. 

The  Falcon  Online  fraud-detec¬ 
tion  service  includes  software  that 
is  installed  on  the  bank’s  Web 
server  used  for  online  transac¬ 
tions,  and  monitors  users’  interac¬ 
tions.  Falcon  watches  to  deter¬ 
mine  signs  of  risk,  such  as  if  the 
remote  computer  used  for  bank¬ 
ing  appears  to  change,  detecting  a 
possible  man-in-th e-middle  at¬ 
tack,  or  if  the  typist  entering  the 
account  data  is  typing  differently 
from  the  usual  pattern. 

If  Falcon  Online  detects  signs  of 
possible  fraud,  it  immediately 
sends  a  security  alert  to  the  desig¬ 
nated  security  manager  within 
the  bank.  “Once  some  suspicious 
operation  starts  to  happen,  we 
immediately  verify  the  account 
and  talk  with  the  customer,” 
Huerta  says. 

The  Falcon  Online  fraud-detec¬ 
tion  service  has  dramatically  re¬ 
duced  the  fraud  problem  over  the 
last  few  months,  Huerta  says.“Most 
of  the  fraud  we  have  seems  to  be 
perpetrated  in  Mexico,”  he  adds. 

In  the  United  States,  banks  are 
taking  steps  to  counter  online 
fraud,  particularly  since  the  feder¬ 
al  government’s  regulatory  arm, 
the  Federal  Financial  Institutions 
Examination  Council  (FFIEC), 
told  banks  they  must  show 
progress  next  year  in  authenticat¬ 
ing  customers  online  using  more 
than  a  simple  reusable  password. 

“We’re  obliged  to  implement  the 
FFIEC  guidelines,”  says  David  Van- 
deven,  president  and  CEO  at 
Missouri-based  Midwest  Indepen¬ 
dent  Bank,  a  special-charter  bank 
whose  customers  are  450  other 
financial  institutions  in  Missouri 
and  Iowa. 

A  bank  password  for  Midwest 
Independent  Bank  can  let  the 


user  access  not  just  a  separate 
account  but  the  primary  banking 
funds-transfer  systems  such  as 
Fedwire,Vandeven  says. 

To  meet  the  FFIEC  mandate  that 
kicks  in  after  December,  Midwest 
Independent  Bank  is  having  its 
bank  clientele  use  a  photo-identi¬ 
fication  authentication  method 
from  PassFaces  that  requires  users 


to  pick  out  the  pre-selected 
images  known  only  to  them  as 
part  of  the  online  access  process. 

“The  reason  we  selected  it  is 
because  it’s  an  intellectual  solu¬ 
tion  not  tied  to  a  device  and  it 
affords  a  lot  of  flexibility’  Van- 
deven  says. 

And  Hampton,  Va.-based  Old 
Point  National  Bank,  with  $830 
million  annual  assets,  just  adopt¬ 
ed  a  similar  image-identification 
system  from  RSA  Security  The 
bank’s  payments  officer,  Jean 
Parra,  says  the  security  system  has 
been  tested  and  notification  of  its 
requirement  has  been  sent  to 
about  9,000  bank  customers. 

Parra  says  the  bank  is  confident 
the  online  authentication  system 
will  meet  with  FFIEC  approvals.  ■ 


Cisco 

continued  from  page  10 

let  users  set  up  a  very  large  VPN  using  just  the  basic  routing  infrastruc¬ 
ture  of  the  Internet,  and  simply  encrypt  certain  parts  of  the  communi¬ 
cations  stream, “so  you  get  the  security  aspects  of  a  VPN  without  having 
to  create  this  hardened  tunnel.” 

“If  a  company  is  consistently  adding  sites,  plans  to  add  sites  or  hasn’t 
gone  through  a  VPN  buildout  yet,  GET  VPN  is  a  no-brainer]’  Whiteley 
says.  The  fact  that  it’s  an  IOS  function  that  runs  on  routers  could  also 
simplify  a  deployment  by  eliminating  the  need  for  separate  VPN  gear 
on  the  network,  he  adds. 

What  is  there  to  GET? 

Other  industry  observers  are  not  as  excited  about  GET.  In  particular,  its 
method  of  using  GDOI  to  distribute  IPSec  keys  via  multicast  is  “a  fairly 
obscure  aspect  of  VPNs  that  only  has  a  very  limited  applicability’  says 
Joel  Snyder,  senior  partner  at  Opus  One  network  consulting  firm  and  a 
member  of  the  Network  World  Lab  Alliance. 

“For  group  communications  using  multicast,  GDOI  is  a  nice  feature,” 
Snyder  says.“But,  honestly  that’s  an  unusual  thing.  Most  folks  are  not  try¬ 
ing  to  do  site-to-site  multicast  traffic  over  an  encrypted  tunnel.” 

Because  running  a  GET  VPN  requires  a  certain  Cisco  IOS  version  — 
which  implies  an  all-Cisco  network  —  GETVPN  shuts  out  any  sites  with¬ 
out  Cisco, or  even  Cisco  sites  not  enabled  for  GDOI.“If  you  don’t  support 
[GDOI]  ,you  won’t  be  able  to  talk  —  so  this  is  an  interoperability  issue,” 
Snyder  says.  He  adds  that  site-to-site  VPNs  are  not  that  hard  to  set  up  and 
manage  with  the  right  tools  and  products. 

“If  [Cisco]  had  a  reasonable  VPN  management  tool,  and  if  they  had 
good  VPN  concentrators,  then  they  wouldn’t  be  as  [troubled]  about  the 
whole  efficiency  issue”  of  meshed,  site-to-site  VPN  management,  Snyder 
says.“Solving  the  full-mesh  VPN  problem  by  dragging  a  new  and  incom¬ 
patible  technology  into  the  picture  and  calling  this  better  seems  to  me 
to  be  a  really  poor  argument,”  he  adds.“They  could  solve  the  full-mesh 
VPN  problem  by  simply  doing  VPN  right.” 

Smaller  sites  with  a  few  tunnels  connecting  locations  probably  won’t 
be  interested  in  throwing  out  an  established  IPSec  VPN  for  GETVPN, 
analysts  say.  Persuading  larger  sites  with  established  VPN  links,  and  con¬ 
siderable  investment  in  Cisco  VPN  gear,  might  also  be  a  tough  sell.“For 
Cisco  to  be  able  to  claim  [GET]  is  better  way  to  do  VPNs,  we’ll  need  to 
see  some  proof  points,”  Kerravala  says.  ■ 


Powerful,  enterprise-class  protection 
No  per  user  or  per  server  license  fees 
Virtually  maintenance-free 


Affordable  Spam,  Virus  and  Web  Filtering  Solutions 


SPAM  FIREWALLS  AND  WEB  FILTERS 
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Vista 

continued  from  page  1 

Mick  Jagger  sang  the  band’s  “Start 
Me  Up”  to  kick  off  Windows  95,  but 
the  fanfare  for  Vista’s  release  to 
volume  licensing  customers  ap¬ 
pears  to  be  coming  down  to  just 
another  business  decision. 

And  users  are  contemplating 
whether  they  want  to  make  the 
upgrades,  and  more  important, 
why  and  when. 

“What  are  we  doing  about 
Vista?” asks  Jim  Tieri,  director  of  IT 
for  Holland  Co.  a  Crete,  Ill.,  manu¬ 
facturer  of  railway  welding  and 
maintenance  equipment,  “In  one 
word:  Apple.” 

Tieri,  who  has  300  desktops 
used  mostly  by  remote  workers, 
says  his  department  has  been 
evaluating  Vista  and  its  benefits, 
and  they  think  it  looks  a  lot  like 


Apple’s  OS  X.  “We  have  bought 
our  first  group  of  Macs,  and  we 
are  seeing  how  we  can  integrate 
them  into  the  environment,  and 
see  if  we  can  use  them  from  a 
business  standpoint.”  He  says  the 
major  application  to  support  is 
ERRand  that  can  be  run  through 
a  browser  interface.  As  far  as  the 
Office  release,  Tieri  says  he’s 
already  running  some  copies  of 
Open  Office  that  are  showing 
some  real  possibilities.  “For  us 
there  are  no  feature  benefits  in 
Office  2007.” 

Tieri  isn’t  alone  in  his  evalua¬ 
tion.  Tom  Gonzales,  senior  net¬ 
work  administrator  for  the  Colo¬ 
rado  State  Employees  Credit 
Union  (CSECU),says  his  organiza¬ 
tion  is  considering  its  options,  in¬ 
cluding  Macs,  given  what  he  per¬ 
ceives  to  be  support  and  training 
issues  associated  with  Vista. 


“The  changes  in  Vista  are  signifi¬ 
cant  enough  that  we  think  we  can 
absorb  the  change  going  to  Macs 
just  as  easily  as  going  to  Vista,”  he 
says.  It’s  an  evaluation  process 
worth  pursuing,  because  CSECU 
just  refreshed  its  desktops  18 
months  ago  and  doesn’t  plan  on 
rolling  out  any  of  the  new  Micro¬ 
soft  offerings, including  Office  and 
Exchange,  in  2007. 

Gonzales  says  that  when  budget 
dollars  are  spent  on  a  desktop 
upgrade  “we  want  to  do  the  best 
thing  available,  if  you  asked  me 
two  years  ago  to  consider  Macs,  I 
would  have  laughed.  But  1  have 
spent  some  time  with  Apple,  and 
they  are  not  the  unviable  option 
that  they  used  to  be.” 

But  not  all  users  are  looking  at 
the  grass  on  the  other  side  of 
the  fence. 

Bechtel,  the  global  contracting 


company,  already  has  its  plans  in 
place,  according  to  Fred  Wettling, 
the  company’s  infrastructure  arch¬ 
itect.  Office  will  be  rolled  out  first 
after  the  San  Francisco  company 
certifies  that  its  applications  run 
on  the  new  software.  He  says  that 
process  should  be  complete  by 
the  end  of  March. 

“Vista  will  be  through  our  engi¬ 
neering  process  in  March, and  cer¬ 
tification  of  applications  will  take 
us  through  the  third  quarter 
before  we  get  that  done,”  he  says. 

Wettling  says  Vista  is  both  a  mile¬ 
stone  and  a  crossroads  for 
Microsoft. 

“Microsoft  is  starting  to  get  the 
message  they  are  not  alone  in  the 
world  and  there  is  a  need  for  inte¬ 
gration,”  Wettling  says.  “The  way 
Microsoft  is  poking  around  with 
open  source  people,  it  is  late  to 
the  game  on  that  compared  to 


IBM,  HP  and  others.” 

But  Wettling  says  Vista  has  some 
definite  milestones,  including  sup¬ 
port  for  IPv6,  which  Bechtel  plans 
to  exploit. 

“It  is  a  major  change  and  should 
have  a  significant  impact  on  the 
industry^  he  says.  “They  have 
improved  on  standards  support 
but  still  have  a  ways  to  go.” 

Wettling  also  cites  improved  sta¬ 
bility  and  security  and  says, “What 
we  hope  to  see  is  real  improve¬ 
ment  in  manageability’ 

While  users  have  been  doing 
their  evaluations,  some  surveys  of 
the  market  show  that  uptake  of 
Vista  will  just  barely  outpace  that 
of  XP  when  it  shipped  in  2001 . 

According  to  Ovum,  15%  of  PC 
users  will  move  to  Vista  within  the 
first  year,  compared  with  12%  to 
14%  of  users  who  switched  to  XP 
in  its  first  year  on  the  market.  ■ 
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Mary  Kay  putting  on  a  SharePoint  face 


Portal  makeover 

Mary  Kay,  a  leading  cosmetics  company,  is  moving  its  portal, 
content  management  and  collaboration  inf rastructure  to 
Microsoft's  new  Office  SharePoint  Server  2007,  which  offers 
a  variety  of  new  features  and  functions. 


Functions 

What’s  new 

Collaboration 

New  templates  for  blogs,  wikis,  discussion  groups, instant 
messaging  presence  information. 

Portal 

“Targeting"  features  display  content  based  on  user  identity  or 
group  affiliation. 

Business 

intelligence 

Portal  that  includes  Reporting  Center,  which  puts  SQL  Server 
reports  into  SharePoint.  Also  integrates  with  Dynamics  CRM. 

Search 

Key  feature  for  collaboration,  portal  and  business  intelligence. 

BY  JOHN  FONTANA 

ary  Kay  wants  to  be  more  than  just  anoth¬ 
er  pretty  face,  and  the  company’s  IT 
department  is  digging  deep  into  Micro¬ 
soft’s  Office  2007  product  lineup  to  make  that 
happen. 

The  43-year-old  cosmetics  company  with  more 
than  $2.2  billion  in  annual  sales  in  2005,  is  focus¬ 
ing  on  Microsoft  Office  SharePoint  Server  (MOSS) 

2007  to  become  the  foundation  of  its  content 
management,  collaboration, search  and  business- 
intelligence  efforts. 

MOSS  is  part  of  a  family  of  Office  branded 
products  that  includes  software,  hardware  and  a 
Web  conferencing  service  for  real-time  commu¬ 
nication.  The  lineup  includes  the  traditional 
Office  applications,  Office  Communications 
Server  2007,  Exchange  Server  2007,  the  Office 
Communicator  2007  client  including  a  version 
for  phones,  and  the  Office  Live  Meeting  2007 
Web  conferencing  service. 

Microsoft’s  intent  is  to  provide  a  single  platform  for  real¬ 
time  communications  that  can  be  integrated  with  tradi¬ 
tional  desktop  and  network  applications,  mobile  devices 
and  the  business  processes  that  run  across  all  three. 

Mary  Kay  aims  to  set  up  a  corporate  collaboration  infra¬ 
structure  with  MOSS  as  the  hub  that  ties  together  front- 
end  Office  applications, such  as  InfoPath  forms  technolo¬ 
gy  real-time  communications  and  a  Vista  desktop. 

MOSS  also  will  become  Mary  Kay’s  main  content  man¬ 
agement  repository  and  workflow  engine  to  automate  its 
manual  business  processes. 

it’s  a  lofty  endeavor  that  has  rewards  and  risks, 
admits  Obe  Salahuddin,  senior  analyst/programmer 
with  Mary  Kay. 


“It  just  seems  like  Microsoft’s  operating  system,  server 
and  Office  groups  are  all  getting  on  the  same  page  and 
attempting  to  deliver  solutions  that  truly  complement 
each  other.  Our  hope  is  that  all  this  comes  together  so 
our  employees  can  use  all  these  components  to  be  more 
efficient  at  what  they  already  do.” 

But  with  enough  experience  in  long-term  projects, 
Salahuddin  is  realistic.“Things  don’t  always  work  out  per¬ 
fectly,  but  this  is  our  plan  going  forward,”  he  says. 

The  plan  began  in  June,  when  Mary  Kay  jumped  into 
Microsoft’s  Technology  Adopter  Program  and  began 
rolling  out  MOSS,  which  will  be  officially  released  to  vol¬ 
ume  licensing  customers  Nov.  30  along  with  Vista  and 
Exchange  Server. 

The  company  is  tapping  into  search  features  of  MOSS  to 


support  its  existing  portal  built  with  SharePoint 
Portal  Server  2.0  as  the  content  repository  and 
Web  Parts  for  building  customized  features. 

MOSS  acts  as  a  Web  service  that  provides  search 
capabilities  to  an  internal  portal  that  serves 
roughly  500  staff  members  in  the  IT  department. 

The  search  infrastructure  is  built  on  two  Dell 
PowerEdge  6500  servers  with  Quad  2.0GHz  Intel 
Xeon  processors.  The  servers  run  Windows  2003 
SP1  with  4GB  of  RAM.  Both  servers  run  a  Web 
front  end,  while  one  also  serves  as  the  indexing 
engine. 

“We  used  to  have  security  by  obscurity  but  when 
we  put  search  in  now  we  can  get  to  all  that  infor¬ 
mation  so  we  have  to  control  it,”  Salahuddin  says. 

The  idea  is  to  perfect  that  control  as  the  compa¬ 
ny  rolls  out  content  management  services,  which 
are  a  big  part  of  its  overall  plans.  MOSS  2007  incor¬ 
porates  the  old  Microsoft  Content  Management 
Server,  which  has  been  discontinued. 

MOSS  also  will  support  Mary  Kay’s  team  sharing  sites 
and  business  process  automation. The  company’s  road 
map  includes  extending  search  to  file  shares  and 
SharePoint  team  sites,  which  are  online  workspaces 
where  staff  can  collaborate  and  share  digital  data. 

As  Mary  Kay  prepares  for  rollout  of  these  features  over 
the  next  year  it  is  finding  some  challenges  in  making  the 
migration  to  MOSS. 

In  its  first  instance  of  the  portal,  Mary  Kay  customized 
its  project  management  application  using  a  SharePoint 
Portal  Server  2.0  technology  called  Master  Pages.  That 
technology  is  not  supported  in  MOSS,  which  uses  tem¬ 
plates  to  build  pages.  While  the  new  version  allows  for 
more  flexibility  Mary  Kay  has  to  rewrite  the  application 
for  the  new  SharePoint  environment.* 


100%  SATISFACTION 

GUARANTEED. 


The  New  Gateway  Server  Line 

Gateway  takes  server  development  seriously.  Compare  our  servers  with  the 
competition  and  experience  the  difference  or  we  will  give  you  a  full  refund- 
no  questions  asked.  We  offer  Unsurpassed  Manageability,  Intuitive  Design 
and  Powerful  System  Architecture,  Incredible  Scalability  with  multiple 
processor  options  including  Intel®  Xeon®  processors  and  Serviceability  with 
qualified  100%  North  America-based  telephone  tech  support . 

Gateway  Enterprise  Products  Guarantee 

If  you're  not  completely  satisfied  with  your  new 
Gateway  server  product,  simply  return  it 
within  90  days  of  receipt  for  a  full  refund-. 


100% 

SATISFACTION 

GUARANTEE 


Gateway®  E-9425R 

1U  Form  Factor 

Up  to  Two  Intel®  Xeon®  5000  Series 
Processors'  with  4MB  L2  Cache 
73GB,  146GB,  300GB  15KRPM  Hot-Swap 
SA5;80GB,  250GB.  500GB,  750GB  7.200RPM 
Hot-Swap  SATA  II/3003 
667MHz  Fully  Buffered  ECC  DIMM 
Integrated  Dual  10/100/1000  (Gigabit) 
Ethernet  Network  Interfaces  (NICs) 

650W  Power  Supply;  Optional  2nd  650W 
Power  Supply  for  Hot-Swap  Redundancy 
Certified  for  multiple  operating  systems 


Gateway®  E-9525R 

•  2U  Form  Factor 

•  Up  to  Two  Intel®  Xeon®  5000  Series 
Processors'  with  4MB  L2  Cache 

•  73GB,  146GB.  300GB  15KRPM  Hot-Swap 
SAS;80GB,  250GB,  500GB,  750GB  7200RPM 
Hot-Swap  SATA  II/3003 

•  667MHz  Fully  Buffered  ECC  DIMM 

•  Integrated  Dual  10/100/1000  (Gigabit) 
Ethernet  Network  Interfaces  (NICs) 

•  700W  Power  Supply;  Optional  2nd  700W 
Power  Supplyfor  Hot-Swap  Redundancy 

•  Certified  for  multiple  operating  systems 


Gateway®  E-9520T 

Tower/5U  Form  Factor 

Up  to  Two  Intel®  Xeon®  5000  Series 

Processors'  with  4MB  L2  Cache 

73GB,  146GB,  300GB,  15KRPM  Hot-Swap 

SAS;80GB,  250GB,  500GB,  750GB  7200RPM 

Hot-Swap  SATA  II/3003 

667MHz  Fully  Buffered  ECC  DIMM 

Integrated  Dual  10/100/1000  (Gigabit) 

Ethernet  Network  Interfaces  (NICs) 

700W  Power  Supply;  Optional  2nd  700W 
Power  Supply  for  Hot-Swap  Redundancy 
Certified  for  multiple  operating  systems 


Manageability  Options: 

•  The  Entire  Gateway  Server  Family  Includes  Integrated  IMPI  2.0  Baseboard  Management  Controller  (BMC),  Gateway  Lights  Out  (GLO)  Remote  Management  Utility, 
Gateway  Systems  Manager  Software,  Remote  Keyboard/Video/Mouse  Full  System  Functionality(Optional),  Instrumented  Chassis  with  Intrusion  Detection. 


Contact  our  knowledgeable  Service  Reps  today  to  see  how  Gateway's  server  solutions  can  help  your  organization. 

Call  1-800-779-2000  or  visit  www.gateway.com/programs/servers 


Dual-core 
Do  more. 


All  offers  valid  in  the  US  only  and  time  offers  subject  to  change  without  notice  or  obligation  and  may  not  be  available  through  all  sales  channels.  (1)  Service  methods  subject  to  change  without  notice  or  obligation  (2) 
Performance  may  van/.  Celeron,  Celeron  Inside,  Centrino.  Centrino  Logo,  Core  Inside.  Intel.  Intel  Logo,  Intel  Core,  Intel  Inside,  Intel  Inside  Logo.  Intel  SpeedStep,  Intel  Viiv.  Itanium,  itanium  Inside,  Pentium,  Pentium  Inside, 
Xeon  and  Xeon  Inside  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  See  lntel.com  for  additional  Information  (3)  Accessible  capacity  varies:  MB  = 
1  million  bytes;  GB  -  1  billion  bytes.  (4)  Returns  accepted  within  90  days  of  delivery  for  refund  of  originaT  product  (server,  storage  or  networking  -  in  same  condition  as  purchased)  purchase  price  and  shipping  K  handling 
fees  will  be  refunded.  Any  additional  fees,  such  as  installation  services,  will  not  be  refunded.  Customer  is  responsible  for  removal  of  confidential  information  and  return  shipping  S  handling  fees.  Offer  subiect  to  change 
without  notice  or  obligation;  call  for  details.  ©2006  Gateway,  Inc.  All  rights  reserved.  Gateway  Terms  and  Conditions  of  Sale  apply.  Trademarks  used  herein  are  trademarks  or  registered  trademarks  of  Gateway,  Inc.  in  the 
United  States  and  other  countries.  Not  responsible  for  typographical  errors.  Ad  code:  13007S 
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riew  e-records  rules:  who’s  complyingp 

Companies  scrambling  to  address  revised  Federal  Rules  of  Civil  Procedure. 


Required  procedures 

Amendments  to  the  U.S.  court  system's  Federal  Rules  of  Civil  Procedure  call  for  businesses  to 
retain  and  be  able  to  retrieve  electronic  documents. 


Amendment 

Effect  nn  IT 

Rule  16(b);  A  description  of  all  electronically  stored  information 
must  be  presented  within  99  days  of  the  beginning  of  a  legal 
case. 

E-mail  archiving  and  retention  software  and  policies  should  be 
put  in  place. 

Rule  26(a):  Electronically  stored  information,  including  e-mail, 
must  be  searched  without  waiting  for  a  discovery  request. 

IT  should  put  in  place  e-mail  archiving  and  retention  policies  so 
information  can  be  discovered  rapidly. 

Rule  26(b):  A  party  need  not  provide  discovery  of  electronically 
stored  information ...  if  there  is  an  undue  burden  or  cost. 

Requires  the  organization  to  prove  that  putting  in  e-mail  archiving 
software  is  an  onerous  expense. 

Rule  26(f):  Requires  litigants  to  discuss  any  issues  relating 
to  preserving  discoverable  information. 

Requires  legal  counsel  to  know  how  e-mails  are  being  retained 
and  how  they  can  be  searched  and  retrieved. 

Rule  34(b):  Requires  requesting  party  to  designate  the  form 
in  which  it  wants  electronically  stored  information  to  be  produced; 
requires  the  responding  party  to  identify  the  form  in  which 
records  will  be  produced. 

IT  must  be  aware  of  bow  e-mails  are  stored  —  on  disk  or  tape, 
for  example  -  and  how  they  will  be  retrieved. 

Rule  37:  Establishes  a  safe  harbor  provision  for  deleting 
records. 

Lets  IT  establish  policies  for  the  deletion  of  e-mail. 

BY  DENI  CONNOR 

Organizations  are  woefully 
unprepared  to  comply  with 
amendments  to  the  U.S.  court  sys¬ 
tem’s  Federal  Rules  of  Civil 
Procedure  that  call  for  busi¬ 
nesses  to  retain  and  be  able  to 
produce  electronic  records,  re¬ 
cent  studies  show. 

The  new  rules,  which  were 
approved  by  the  U.S.  Supreme 
Court  in  April  and  took  effect  last 
Friday,  require  any  business  that 
could  be  involved  in  litigation  in 
federal  court  to  retain  electronic 
records  —  such  as  e-mails,  instant 
messages  and  text  documents  — 
and  be  able  to  retrieve  them  if 
economically  feasible.  The  rules 
also  require  company  attorneys 
and  IT  managers  to  be  able  to 
show  how  electronic  records  are 
stored,  what  mechanisms  are  in 
place  to  retrieve  them,  and  when 
and  how  they  are  deleted. 

Virtually  all  businesses  are 
affected  by  the  new  rules,  ana¬ 
lysts  say.  Companies  involved  in 
litigation  related  to  lawsuits  that 
cross  state  lines,  IRS  actions,  and 
Health  Insurance  Portability  and 
Accountability  Act  or  Sarbanes- 
Oxley  Act  violations,  for  exam¬ 
ple,  are  expected  to  comply  Ac¬ 
cording  to  industry  analysts, 
events  requiring  electronic  dis¬ 
covery  are  becoming  more  com¬ 
mon:  A  survey  by  Enterprise 
Strategy  Group  (ESG)  shows  that 
91%  of  organizations  with  more 
than  20,000  employees  have 
experienced  an  electronic  dis¬ 
covery  involving  e-mail  in  the 
past  12  months. 

Many  businesses  are  not  aware 
of  the  new  amendments,  how¬ 
ever.  More  than  half  of  75  com¬ 
pany  attorneys  surveyed  by 
LexisNexis  Applied  Discovery 
weren’t  aware  of  the  Friday  com¬ 
pliance  deadline.  Just  7%  said 
their  companies  would  be  able 
to  comply  with  the  new  rules. 

Similarly,  a  Cohasset  Associates 
survey  shows  that  nearly  50%  of 
organizations  have  no  e-mail 
retention  policy  in  place.  Al¬ 
though  not  all  policies  will  be  the 
same,  there  are  three  elements 
that  are  essential  to  make  them 
litigation  ready:  a  clearly  written 
records  and  information  man¬ 
agement  policy;  a  legal  hold-and- 
lift  process  to  secure  all  informa¬ 


tion  that  will  be  relevant  to  an 
action;  and  an  e-mail  archiving 
process  that  includes  services 
and  software. 

Vivian  Tero,  senior  research  ana¬ 
lyst  for  IDC,  says  that  businesses 
should  “consider  putting  in  place 
a  corporate  records-retention  pro¬ 
gram  as  part  of  [their]  litigation 
readiness.”  Organizations  also 
should  involve  IT, compliance  offi¬ 
cers,  records  managers,  and  in- 
house  and  external  legal  counsel 
in  discovery  teams, she  says. 

Responding  to  electronic  dis¬ 
covery  requirements  can  be  diffi¬ 
cult  for  organizations  that  aren’t 
prepared.  According  to  the  ESG 
survey,  56%  of  enterprises  found 
that  retrieving  data  from  such 
offline  media  as  tape  was  a  sig¬ 
nificant  challenge,  and  half  of  the 
respondents  said  a  lack  of  effec¬ 
tive  software  tools  to  search  for 
and  retrieve  information  was  a 
challenge.  Many  organizations 
misunderstood  the  electronic 
discovery  requirements  and 
thought  they  applied  to  only  the 
financial  services  industry 

Not  all  enterprises  have  been 
caught  off  guard  by  the  amend¬ 
ments,  however.  Some  suggest 
they  are  simply  a  formalization  of 
existing  requirements.11!  am  by  no 


means  expert  in  the  rules  of  dis¬ 
covery,  but  it  appeared  at  first 
glance  to  be  simply  a  clarification 
of  already-existing  obligations  to 
codify  recent  case-law  decisions 
into  formal  rules,”  says  Timothy 
Hogan  from  the  Office  of 
Business  Conduct  at  Beth  Israel 
Deaconess  Medical  Center  in 
Boston.“The  new  language  gener¬ 


ally  emphasizes  the  importance 
of  policies  and  standard  proce¬ 
dures  covering  the  routine,  good- 
faith  operation  of  an  electronic 
information  system,”  he  says. 

At  Beth  Israel  Deaconess,  CIO 
John  Halamka  is  putting  in 
Symantec’s  Enterprise  Vault  early 
next  year  to  archive  e-mail. 

Such  preparedness  can  pay  off. 


Although  the  new  rules  don’t 
stipulate  fines  for  noncompli¬ 
ance,  District  Court  judges  have 
been  known  to  fine  companies 
for  not  responding  to  a  discovery 
request  fast  enough.  Last  year,  the 
Alabama  Circuit  Court  of  Ap¬ 
peals  fined  General  Motors 
$700,000  for  delaying  a  discovery 
process  by  98  days.  ■ 


Appliance  boasts  48  processing  cores 


BY  JENNIFER  MEARS 

As  Intel  and  Advanced  Micro  Devices  roll  out 
quad-core  processors,  newcomer  Azul  Systems 
this  week  plans  to  introduce  the  second  gener¬ 
ation  of  its  Java  appliances  that  are  built  on 
custom-designed  chips  containing  48  process¬ 
ing  cores  on  each  piece  of  silicon. 

At  the  same  time,  Azul,  which  has  had  its  ini¬ 
tial  systems  in  the  market  for  about  one  year,  is 
touting  a  growing  cadre  of  customers,  includ¬ 
ing  British  Telecom  (BT),  which  is  turning  to 
the  systems  vendor  for  help  in  scaling  transac¬ 
tion-heavy  Web-based  applications. 

Azul’s  Compute  Appliances  are  designed  to 
handle  the  processing-intensive  workloads 
associated  with  dynamic  Web-based  applica¬ 
tions.  The  idea  is  to  provide  a  shared  pool  of 
processor  and  memory  resources  for  tradi¬ 
tional  application  servers  to  tap  into. 

Similar  to  the  way  most  servers  now  access 
buckets  of  external  storage,  application 
servers  running  the  Azul  proxy  software  can 
tap  into  the  compute  power  and  memory 


they  need  for  Java  or  .Net  processing  by  link¬ 
ing  to  the  Azul  Compute  Appliance.  As  a 
result,  the  load  on  application  servers  is  less¬ 
ened  and  customers  don’t  have  to  overprovi¬ 
sion  to  ensure  consistent  response  times  for 
applications  that  spike  traffic. 

“We  don’t  want  to  be  deploying  a  lot  of 
capacity  that  we’re  just  not  using,”  says  Mark 
O’Flaherty  business-to-business  delivery  and 
operations  manager  for  BT. 

Earlier  this  year,  BT  launched  a  new  division 
called  Openreach  that  is  a  Web-based  clear¬ 
inghouse  for  providing  services  to  the  compa¬ 
ny’s  customers.  Consistent,  near-immediate 
response  time  is  imperative  for  the  new  effort 
to  succeed,  and  BT  found  that  Azul’s  Compute 
Appliances  provided  the  technical  platform 
capable  of  achieving  those  goals,  he  says. 

“This  is  a  smarter  tool  that  allows  us  to  bet¬ 
ter  manage  [resources],” says  O’Flaherty,  who 
is  based  in  Belfast,  Northern  Ireland.  “It’s 
something  we’ve  tried  to  do  with  our  Unix 
boxes,  but  we  just  haven’t  had  the  right  levers 


to  pull.  For  the  geeks  inside  of  us,  this  is  excit¬ 
ing;  we  get  to  think  about  the  [technical] 
problem  in  a  different  way’ 

BT  has  been  running  Openreach  on  three  16- 
core  Sun  Solaris  boxes  but  plans  to  offload 
workloads  to  the  Azul  Compute  Appliances 
this  month,  eventually  paring  down  the  hard¬ 
ware  it  needs  on  the  front  end. 

While  BT  is  using  first-generation  Compute 
Appliances  built  on  Azul’s  24-core  Vega  proces¬ 
sor,  Azul  this  week  is  rolling  out  systems  built 
on  the  48-core  Vega  2  processor. 

“Systems  in  our  second  generation  range 
from  96-  to  768-processor  [cores]  in  a  single, 
coherent  system,”  says  Stephen  DeWitt,  presi¬ 
dent  and  CEO  of  Azul.The  previous  generation 
scaled  only  to  384  processing  cores. 

Azul’s  Vega  2-based  3210  and  3220  Compute 
Appliances,  both  in  a  5U  form  factor,  are  priced 
starting  at  just  less  than  $50,000  for  96  process¬ 
ing  cores  and  48GB  of  memory  Higher-end  sys¬ 
tems  are  scheduled  to  be  available  in  the  sec¬ 
ond  half  of  next  year,  Azul  says.B 
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A  6-Terabyte  Database  Growing  30  Percent  a  Year. 

Running  on  Microsoft  SQL  Server  2005. 


Global  telecommunications  leader  TDC  serves  customers  in  12  countries. 
They  analyze  data  from  70  disparate  systems  using  a  central  data  mart  built 
on  Microsoft®  SQL  Server™  2005  running  on  Windows  Server8  2003. 

See  how  at  microsoft.com/bigdata 
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Structuring  your  telecom  sales  strategy 


EYE  ON  THE  CARRIER 
Johna  Till  Johnson 


Techies  usually  hate  dealing 
with  sales  folk,  because  we  seem 
to  come  from  different  worlds. 
Engineering  is  about  honesty: 
Either  that  bridge  will  hold  or  it 
won’t.  Sales  is  about  deceit  (or  so 
we  geeks  assume):  Lie  to  the  cus¬ 


tomer  and  cash  the  commission. 

So  it’s  no  surprise  that  renegoti¬ 
ating  your  telecom  relationship 
(and  dealing  with  telco  sales  folk) 
ranks  right  around  getting  a  root 
canal  for  most  IT  execs’  lists. 

But  the  right  deal  can  save  your 


organization  millions  of  dollars 
and  lay  the  foundation  for  the 
next  three-to-five-year  architec¬ 
ture.  Here  are  some  tactics  to 
make  the  most  from  your  telecom 
procurement  process: 

•  Define  your  goals  clearly  in  the 


OPNET  ACE  is  the  most  powerful 
solution  for  rapid  performance 
troubleshooting.  It  shows  you  exactly 
how  network,  system,  and  application 
behavior  affect  end-to-end 
performance.  With  ACE,  you  can 
pinpoint  the  source  of  a  problem,  so 
time  and  money  aren't  spent  in  the 
wrong  places. 

The  most  successful  organizations  in 
the  world  rely  on  OPNET's  advanced 
analytics  for  networks,  servers,  and 
applications. 


Making  Networks  and  Applications  Perform 


Sesl 

IdooOG 

NewkWort 


Acaw&ting  ftDMCT 

w  IM4  B  Bl  H 


BEST  OF  SHOW 


RFP  There’s  no  one  “right”  defini¬ 
tion  of  a  successful  deal:  One 
company  might  want  to  save 
money  at  all  costs.  Another  might 
wish  to  improve  service  quality 
while  reducing  costs.  And  a  third 
might  be  willing  to  pay  more  to 
achieve  a  wholesale  increase  in 
service  quality  and  capability. 
Whatever  your  goal  is  —  know  it, 
and  state  it  clearly 

•  Start  early  Most  companies 
make  the  mistake  of  allocating 
too  little  time  for  the  RFP 
process,  including  negotiation. 
But  by  doing  that,  you’re  giving 
up  one  of  the  most  powerful 
negotiating  weapons  at  your  dis¬ 
posal.  The  key  to  getting  a  great 
deal  lies  in  being  willing  to  go 
back  to  the  table  as  many  times 
as  needed  to  get  it  done  right. 
Don’t  shortchange  yourself  — 
plan  for  at  least  six  months  for 
the  RFP  and  negotiations  process 
(and  add  another  eight  weeks  for 
the  first  circuit  install). 

•  End  with  the  quarter.  In  your 
RFP  you’ll  sketch  out  your  in¬ 
tended  procurement  timeline.  If 
you  can, plan  to  end  with  a  signed 
contract  right  before  the  quarter- 
end.  Why?  Sales  folks’  commis¬ 
sions  often  are  paid  on  a  quarterly 
basis.  If  a  salesperson  sees  the 
opportunity  to  get  the  check  ear¬ 
lier,  he  will  fight  harder  to  close 
the  deal  in  a  timely  fashion. 

•  Get  it  in  writing.  At  the  start  of 
the  process,  make  it  clear  that  any¬ 
thing  a  salespeople  commits  to  is 
something  you  expect  to  see  in 
writing  in  the  final  contract.  Make 
them  provide  you  with  the  exact 
verbiage  they’ll  use  (in  writing).  If 
they  try  to  argue  that  the  terms  are 
“pending  legal  approval”  —  tell 
them  to  get  legal  approval  before 
they  commit  to  you. 

•  Go  as  many  rounds  as  neces¬ 
sary  As  noted,  the  key  to  a  suc¬ 
cessful  negotiation  is  a  willing¬ 
ness  to  go  back  to  the  table  multi¬ 
ple  times.  I’ve  found  that  three  to 
five  rounds  of  negotiation  yields 
the  optimum  results.  And  finally 
no  matter  how  counterintuitive  it 
sounds,  throughout  the  process 
remember  that  you  and  the  telco 
sales  team  ultimately  want  the 
same  thing:  a  fair  deal.  Don’t  give 
up  till  you’ve  got  one. 
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QA,  Novell  set  to  manage  virtual  servers 


Management  vendors  play  catch-up 

Industry  watchers  say  virtual  machine  deployment  is 
outpacing  features  in  today's  heterogeneous  management 
software  applications,  driving  vendors  to  update  their 
capabilities  to  include  multivendor  virtual  resource 
management  in  2007. 

When  will  you  deploy 
server  virtualization 
software? 

We  have  already  deployed  1  montlls®/° 

or  are  in  the  process  ■  - Within  12  to  18 

61%  '  months  2% 

No  definitive  migration 
timetable  15% 


the  next  3  months  9% 

Within  the  next  6  months  7% 
9  to  12 


SOURCE:  YANKEE  GROUP  2006  SERVER  VIRTUALIZATION 
SURVEY  OF  700  GLOBAL  BUSINESSES 


BY  DENISE  DUBIE 

CA  and  Novell  separately  last 
week  made  available  software 
designed  to  let  IT  managers 
more  easily  manage  physical, 
virtual  and  clustered  server 
environments. 

CA  unveiled  its  Unicenter  Ad¬ 
vanced  Systems  Management 
(ASM)  11.1,  which  can  not  only 
identify  the  virtual  and  physical 
elements  in  corporate  IT  environ¬ 
ments  but  also  optimize  them 
based  on  demand. 

“We  have  seen  our  customers 
trying  to  create  some  order  out 
of  the  chaos  they  have  in  their 
environments  resulting  from  var¬ 
ious  platforms  of  virtualization 
and  clustering.  We  wanted  to 
manage  that  but  also  provide  a 
platform  to  show  overall  perfor¬ 
mance  and  activity  manage¬ 
ment,”  says  Peter  Richardson,  a 
product  manager  for  virtual  plat¬ 
form  management  at  CA. 

Unicenter  ASM  —  which  is  a 
core  element  of  CAs  Virtual  Plat¬ 
form  Management  offering  —  per¬ 
forms  continuous  discovery  of 
physical  and  virtual  resources, 
reporting  on  managed  resources 
and  visually  mapping  virtualized 
environments  to  speed  problem 


identification  and  resolution,  the 
vendor  says.  It  works  with  CAs  Uni¬ 
center  System  Command  Center 
dashboard  product  to  provide  a 
common  user  interface  for  all 
Unicenter  components. 

ASM  works  in  concert  with  the 
vendor’s  Unicenter  Network  and 
Systems  Management  (NSM) 
software,  utilizing  the  same  dis¬ 
tributed  software  agents  on 
managed  machines  and  a  com¬ 
mon  management  database  for 
collecting  and  storing  configu¬ 


ration  information. 

Unicenter  ASM  11.1  can  man¬ 
age  virtualization  technology 
from  HR  IBM,  Microsoft,  Red  Hat, 
Sun,  Veritas  and  VMware.  Pricing 
includes  an  $1,800  flat  fee  for  a 
manager  component,  plus  an 
additional  variable  cost  for  each 
resource  being  managed  (for 
example,  a  CPU).  CA  says  cus¬ 
tomer  implementations  can  start 
at  $30,000. 

For  its  part,  Novell  unveiled 
Virtual  Machine  Management, 


HP  cools  data  center  servers 


BY  ROBERT  MULLINS,  IDG  NEWS  SERVICE 

HP  Labs’  research  center  has  developed  a  new 
approach  to  cooling  data  centers  that  the  company 
says  can  deliver  20%  to  45%  savings  in  cooling  en¬ 
ergy  costs,  depending  on  the  size  of  the  building. 

HP  says  its  Dynamic  Smart  Cooling  (DSC)  tech¬ 
nology  - which  will  be  available  in  mid-2007  — 

involves  placing  several  heat  sensors  on  racks  of 
servers  throughout  the  data  center  that  send  infor¬ 
mation  on  temperature  changes  to  a  central  moni¬ 
toring  system. As  the  sensors  detect  an  increase  in  a 
server’s  temperature,  a  signal  is  sent  to  the  nearest 
of  several  air  conditioning  units  to  throttle  up  to 
cool  the  server.  When  the  server  cools  because  it’s 
not  doing  as  much  computing,  the  air  conditioner 
throttles  down,  too. 

HRwhich  introduced  the  concept  of  DSC  in  2003, 
revealed  a  number  of  additional  program  details  last 
week.  It  announced  the  creation  of  a  Data  Center 
Solution  Builder  program  with  design  partners  that 
will  work  with  HP  to  implement  DSC,  which  can  be 
retrofitted  into  existing  data  centers. 

HP  has  started  trials  of  the  technology  and  will 
implement  DSC  in  six  new  U.S.  data  centers  for  its 
own  operations. 

In  addition,  Pacific  Gas  &  Electric,  the  power  util¬ 


ity  serving  Northern  California,  will  make  rebates 
available  to  data  centers  that  deploy  DSC,  says 
Mark  Bramfitt  of  PG&E. 

Energy  consumption  is  an  issue  and  DSC  technol¬ 
ogy  addresses  data  center  management  concerns 
about  the  operating  expense  of  powering  and  cool¬ 
ing,  says  Paul  Perez,  vice  president  of  HP’s  Tech¬ 
nology  Solutions  Group. 

Power  consumption  averages  40%  of  a  data  center’s 
operating  expenses,  Perez  says,  citing  industry 
research.  And  60%  to  70%  of  that  energy  expense 
goes  to  cooling  servers,  he  says. 

Other  technology  companies  are  working  on 
ways  to  keep  data  centers  cool,  says  Jonathan 
Eunice,  founder  and  principal  adviser  at  Illuminata 
IT  research  firm. 

Chip  makers  such  as  Intel  and  Advanced  Micro 
Devices  are  developing  processors  that  run  cooler 
than  they  have  in  the  past,  Eunice  says. 

HP’s  chief  competitor,  IBM,  is  trying  to  address  ther¬ 
mal  issues  on  a  system  level. 

“IBM  does  have  its  services  arm  with  the  ability  to 
send  out  heating  experts  to  map  the  data  center  hot 
spots  and  advise  about  efficiencies,” Eunice  says.  IBM 
also  offers  a  product  called  Power  Executive  that 
measures  and  modulates  power  consumption.  ■ 


which  lets  customers  deploy  and 
manage  virtualization  technolo¬ 
gies  from  vendors  such  as  VMware 
and  Microsoft,  as  well  as  the  Xen 
hypervisor  open  source  server  vir¬ 
tualization  software.  Part  of 
Novell’s  ZENworks  management 
platform, Virtual  Machine  Manage¬ 
ment  also  can  manage  virtualized 
environments  in  Novell  Open  En¬ 
terprise  Server.  It  runs  on  Windows, 
Unix  and  Linux  systems  to  man¬ 
age  virtual  data  center  assets  and 
provision  workloads  based  on 
predefined  policies. 

Competitors  such  as  CiRBA,  IBM 
and  Opsware  have  released  virtual 
server  management  wares  of  late. 

Novell  continues  to  build  out  its 
management  portfolio.  Along  with 
Virtual  Machine  Management, 
Novell  unveiled  ZENworks  Or- 
chestrator,  which  enables  policy- 
based  automation  among  man¬ 
aged  resources.  The  software  can 
learn  systems  performance  and 
resource  allocations  to  better  pre¬ 
dict  demand,  Novell  says. 


The  vendor  also  released  ZEN¬ 
works  HPC  (High  Performance 
Computing)  Management,  which 
helps  customers  perform  grid- 
based  management  of  Java  appli¬ 
cations  and  distribute  workloads 
across  parallel  systems.  Multicast 
data  distribution  capabilities  let 
users  move  and  copy  large  vol¬ 
umes  of  data  to  remote  resources 
for  processing. 

In  addition,  Novell  updated  its 
ZENworks  Asset  Management 
software  to  Version  7.5.  With  this 
release,  Novell  added  readiness 
reports  for  Win  dows  Vista  and 
Novell’s  SUSE  Linux  Enterprise 
Desktop  lO.The  software  provides 
asset  inventory,  software  usage 
and  license  reconciliation  for 
Windows  and  Linux  desktops. 

ZENworks  7.5  Asset  Manage¬ 
ment  is  priced  at  $33  per  man¬ 
aged  device  or  user.  Novell’s  three 
new  products  are  scheduled  to 
be  available  in  December;  Novell 
will  release  pricing  for  the  new 
products  when  they  ship.  ■ 


F-Secure  takes 
aim  at  rootkits 

BY  ELLEN  MESSMER 

F-Secure  last  week  announced  an  upgraded  version  of  its  Client 
Security  antivirus  and  desktop  firewall  software  that  adds  rootkit  detec¬ 
tion  and  host-based  intrusion  prevention. 

Expected  to  ship  in  mid-January  for  Windows  XP  Client  Security  7.0 
will  include  what  F-Secure  calls  its  DeepGuard  rootkit  detection  to 
identify  hidden  malicious  code  and  remove  it  (although  removal 
requires  action  by  systems  administrators). 

Rootkits  can  be  used  to  hide  any  type  of  malicious  code  or  files. 
Rootkit  removal  remains  a  more  difficult  process  than  traditional  virus 
removal  because  rootkits  typically  are  designed  to  embed  themselves 
more  deeply  into  the  operating  system.  Security  experts  debate  about 
how  easy  it  is  to  remove  them  without  harming  the  operating  system. 

F-Secure,  which  developed  the  standalone  antirootkit  tool  Blacklight, 
says  rootkits  can  be  removed  safely  but  administrators  should  oversee 
carefully  the  process  that  F-Secure  tools  facilitate. 

In  mid-January  F-Secure  also  expects  to  release  a  beta  version  of 
Client  Security  7.0  for  the  32-bit  version  of  Vista,  not  the  64-bit  Vista, 
which  includes  Microsoft’s  PatchGuard  kernel-protection  mechanism. 

PatchGuard  prevents  unauthorized  access  to  the  64-bit  operating 
system,  but  several  security  vendors  say  it  also  hampers  the  efficacy 
of  some  of  their  products. 

In  response  to  vendor  requests  for  more  openness  in  the  64-bit  ver¬ 
sion  of  Vista,  Microsoft  has  said  it  expects  to  provide  supporting  APIs  in 
Service  Pack  1  at  an  unspecified  date. 

“We  trust  these  new  APIs  Microsoft  has  planned  will  overcome  the 
challenges  of  PatchGuard,”  says  Ari  Alakiuttu,  F-Secure’s  vice  presi¬ 
dent  of  marketing. 

Client  Security  7.0  will  cost  $41  per  user,  per  year,  based  on  50  users.  ■ 
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Shaklee  goes  outsourcing  route 


BY  CAROLYN  DUFFY  MARSAN 

magine  being  an  IT  director  faced  with 
this  problem:  Your  company  has  just 
been  bought  by  a  private  equity  firm 
that  wants  to  take  the  operation  global  .You 
need  to  upgrade  a  10-year-old  network  but 
you  don’t  know  what  countries  you’ll  need 
to  support  or  when  you’ll  need  to  support 
them. 

That’s  the  challenge  the  IT  team  faced  at 
Shaklee,  a  provider  of  natural  foods  and 
household  cleaners  based  in  Pleasanton, 
Calif. 

Shaklee  ended  up  signing  a  four-year, 
multimillion-dollar  network-outsourcing 
deal  with  Virtela  Communications  this 
summer,  after  having  chosen  the  VPN 
provider  for  several  smaller  projects. 

“Now  we  can  walk  into  any  meeting  and 
say  to  the  management  team, ‘Give  us  60 
days  and  an  address,  and  it  will  be  done,”’ 
says  Greg  Fina,  director  of  IT  architecture 
and  quality  at  Shaklee.  “We  don’t  even 
need  the  full  60  days  to  get  our  circuits  in 
place.” 

Industry  analysts  say  virtual  network 
operators  (VNO)  like  Virtela  are  a  good  fit 
for  businesses  going  global. 

“For  any  small-to-midsize  business  with 
global  aspirations,  this  is  a  great  way  to  go,” 
says  David  Passmore,  research  director  at 
Burton  Group.  “Where  VNOs  make  less 
sense  is  with  very  large  enterprises  that 
can  cut  their  own  deals  with  carriers  and 
gain  economies  of  scale,”  he  says. 

Shaklee  is  a  50-year-old  company  that 
was  purchased  in  2004  by  investors  who 
planned  to  expand  it  rapidly  worldwide. 
At  the  time  Shaklee  had  businesses  in 
the  United  States,  Canada,  Mexico,  Japan 
and  Malaysia.  “We  had  no  global  net¬ 
work,  and  no  flow  of  data  among  the  five 
countries,”  Fina  says.“Our  technology  was 
outdated.  ...  We  hadn’t  made  a  major 
investment  in  10  years.” 

The  aggressive  goal  of  Shaklee’s  new 
management  team  was  to  expand  into  50 
countries  in  10  years.  “In  order  to  do  that, 
we  not  only  needed  to  enable  technology 
in  the  countries  we  already  had  but  we 
had  to  build  a  foundation  for  rolling  out  in 
two  countries  a  year  starting  in  2006,”  Fina 
says. 

Shaklee’s  IT  team  determined  its  data 
and  telephone  networks  could  not  support 
global  expansion, so  they  outlined  a  three- 
step  replacement  process:  First,  they  would 
hire  a  WAN  provider;  next,  they  would 
upgrade  the  company’s  voice  and  data  net¬ 
work  gear;  and  finally,  they  would  hire 


someone  to  manage  the  network  end-to- 
end. 

IT  staff  spent  six  months  evaluating  bids 
for  the  WAN  contract  and  ended  up  choos¬ 
ing  Virtela.  Other  bidders  included  MCI, 
AT&T,  Sprint  and  lnfonet.“We  felt  that  they 
had  a  very  innovative  solution.  We  thought 
the  price  point  for  what  they  were  provid¬ 
ing  was  good, and  we  liked  the  relationship 
we  had  developed  with  them  over  the  six 
months”  of  the  procurement  process,  Fina 
says. 

Shaklee  signed  a  two-year  contract  with 
Virtela  for  a  fully  managed  IP  VPN  service, 
including  line  provisioning,  router  man¬ 
agement  and  trouble  ticketing.  The  net¬ 
work  supports  500  users  and  runs  key 
applications  including  data  warehousing, 
CRM,  e-mail  and  VoIP 

The  new  WAN  was  completed  in 
November  2005  for  around  $250,000.  Once 
the  IP  VPN  was  in  place,  Shaklee  closed  its 
processing  centers  in  Canada  and  Mexico 
and  consolidated  operations  at  its  head¬ 
quarters  location.“Through  that  consolida¬ 
tion,  we  were  able  to  pay  for  the  WAN  in  its 
first  year  and  recover  all  of  the  initial 
investment,”  Fina  says. 

Next,  Shaklee  upgraded  its  U.S.  and 
Canadian  offices’  voice  and  data  equip¬ 
ment.  After  evaluating  equipment  from 
Cisco  and  Avaya,  Shaklee  bought  NEC 
phone  systems  and  Foundry  Networks 
data  switches,  and  rolled  out  100Mbps 
Ethernet  to  its  desktops,  replacing  10Mbps 
Ethernet  connections. 

“We  have  Power  over  Ethernet  on  the 
Foundry  switches,”  says  Kirk  Allen,  director 
of  technology  at  Shaklee.  “We’re  using  this 
to  power  the  instruments  for  NEC’s  VoIP 
solution.We  went  to  VoIP  in  any  facility  that 
required  a  technology  refresh.” 

Shaklee  spent  $1  million  on  the  network 
equipment  upgrade,  which  was  completed 
in  March  2006. 

Meanwhile  in  December  2005,  Shaklee 
upgraded  the  remote-access  system  for  its 
500  employees,  and  again  chose  Virtela, 
which  had  bid  against  Fiberlink  and  iPass. 

When  it  came  time  to  hire  a  company  to 
provide  end-to-end  management  of  its 
LAN  and  WAN  devices,  Shaklee  asked 
Virtela  to  submit  a  bid.  “We  were  so 
impressed  with  their  ability  to  win  our 
business  on  the  WAN  procurement  and  the 
quality  of  service  we  had  received  in  the 
last  six  months,  that  we  went  out  with  a  no¬ 
bid  deal,”  Fina  says. 

In  July,  Shaklee  rolled  all  of  its  business 
with  Virtela  into  a  single  four-year, seven-fig¬ 


ure  contract.“This  is  the  first  company  that 
I’ve  ever  dealt  with  that  is  a  one-stop  shop. 
.  .  .With  Virtela,  if  I  have  a  problem,  I  call 
one  number’’  Fina  says,  pointing  out  that 
Shaklee’s  global  account  representative 
handles  problems,  as  well  as  requests  for 
additional  services. 

“Also,  the  install  engineers  that  started 
with  the  WAN  project  have  stayed  on 
through  phase  three  of  our  project,”  Fina 
says.“It’s  that  same  group  of  engineers  that 
do  all  the  work,  so  they  have  almost  as 
much  understanding  of  the  network  as  we 
do.  It’s  very  reassuring,”  he  says. 

Analyst  Passmore  says  it’s  not  surprising 
that  Virtela  won  Shaklee’s  global  network 
business.“If  you’re  trying  to  provide  site-to- 
site  connectivity  across  multiple  carrier 
boundaries,  the  carriers  are  not  anxious  to 
peer  with  each  other  for  services  like 
MPLS,  so  really  the  only  place  you  can  go 
to  is  a  VNO  like  Virtela  or  Vanco,”  Passmore 
says. “Companies  like  having  [service-level 
agreements]  that  span  multiple  service 
provider  clouds,”  he  says. 

So  far,  Virtela  has  taken  over  network 
management  in  Shaklee’s  three  U.S.sites.“I 
don’t  know  the  exact  figures  for  the  return 
on  this  investment,  but  we  will  be  able  to 
open  new  markets  sooner  than  we  antici¬ 
pated  because  of  Virtela’s  global  reach,” 
Fina  says. 

Shaklee  has  a  rigorous  SLA  with  Virtela 
that  includes  delivery  of  service  anywhere 
in  the  world  within  60  days.  In  addition, 
Virtela  has  to  notify  Shaklee  of  an  equip¬ 
ment  failure  within  15  minutes. 

“We’ve  had  stuff  that  hasn’t  gone  perfect¬ 
ly  well,”  Fina  admits. “When  there’s  a  prob¬ 
lem,  we  escalate  it  to  their  technical  staff 
and  they  solve  the  problem.” 

Next,  Virtela  will  take  over  managing 
Shaklee’s  firewalls  and  network  security 
devices  as  part  of  its  outsourcing  deal. 

In  December, Shaklee  is  opening  opera¬ 
tions  in  Taiwan  that  Virtela  supports.  “We 
were  able  to  open  up  Taiwan  one  month 
sooner  than  anticipated  because  of 
Virtela,"  Allen  says.  “They  set  up  the  cir¬ 
cuits  in  five  weeks  instead  of  six  weeks,” 
he  says. 

Thanks  to  the  network  upgrades, 
Shaklee’s  IT  staff  can  support  whatever 
growth  the  company’s  management  team 
wants.  “Two  years  ago,  from  an  infrastruc¬ 
ture  perspective,  we  couldn’t  have  execut¬ 
ed  on  this  business  strategy” Fina  says.“Now 
we  have  agreements  in  place  with  all  of 
our  vendors  to  deliver  services  into  what¬ 
ever  country  we  want  to  go.”B 
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Let  Internet  Security  Systems  stop 

network  threats  before  they  impact  your  business 


How  do  you  ensure  compliance  and  manage  costs  when  your  security  is  less  than  certain?  Even  "zero-day"  solutions  aren't  fast  enough  to 
protect  against  losses  once  an  Internet  attack  hits.  The  alternative  is  preemptive  security  from  Internet  Security  Systems.  Because  our  enterprise 
solutions  are  based  on  the  world's  most  advanced  vulnerability  research,  only  ISS  can  can  offer  preemptive  security  and  stop  threats  More  they 
impact  your  business.  So  why  rely  on  "reaction"  when  security  can  be  a  sure  thing? 


Need  proof?  Get  a  free  whitepaper,  Preemptive  Security:  Changing  the  Rules ,  at  www.iss.net/proof  or  call  800-776-2362. 


($  Internet  |  Security  |  Systems® 

Ahead  of  the  threat 


NETWORK  &  HOST  INTRUSION  PREVENTION 


MANAGED  SECURITY  SERVICES 


VULNERABILITY  MANAGEMENT 
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3Com  buys  out  Huawei  joint  venture 

Deal  gives  3Com  control  of  large-enterprise  eguipment  venture  —  ammunition  to  battle  Cisco,  Nortel. 


BY  PHIL  HOCHMUTH 

3Com  last  week  said  it  is  buying  full 
ownership  of  its  joint  venture  with 
Huawei  for  $882  million. 

The  deal  ends  a  bidding  war  between 
Huawei  and  3Com,  as  well  as  outside  pri¬ 
vate  equity  firms,  to  buy  the  Huawei-3Com 
joint  venture,  known  as  H3C.  3Com,  which 
already  owns  51%  of  H3C,will  gain  control 
of  the  high-end  LAN  switch  and  router 
products  produced  by  H3C,  which  3Com 
had  used  to  reestablish  itself  in  the  U.S. 
enterprise  network  market  over  the  last 
several  years. 

The  deal  is  the  first  major  move  by  new 
CEO  Edgar  Masri  (www.nwdocfinder.com 
/6342),  who  took  over  3Com  in  August.  H3C 
was  formed  in  2003  under  former  CEO 


Bruce  Claflin,  who  announced 
his  retirement  in  January.  For 
3Com,  the  joint  venture  was  an 
attempt  to  reenter  the  market  for 
WAN  routers  and  large  LAN 
switches.  3Com  ducked  out  of 
those  markets  in  2000,  the  last 
year  the  company  was  prof¬ 
itable.  Huawei’s  goal  of  gaining  a 
larger  presence  in  the  North 
American  corporate  and  carrier 
markets  never  materialized.  As 
part  of  the  deal,  China-based 
Huawei  is  prohibited  from  com¬ 
peting  in  3Com’s  market  for  18  months. 

Reports  say  that  3Com’s  $882  million  bid 
for  H3C  —  which  analysts  value  at  $1.8  bil¬ 
lion  —  beat  offers  from  Bain  Capital,  Silver 


Lake  Partners  and  Texas  Pacific 
Group,  as  well  as  Huawei  itself. 

3Com  did  not  specify  how  it 
would  pay  for  the  remaining 
49%  of  H3C.  As  of  September, 
the  company  had  $916  million 
in  cash,  $197  million  of  which 
was  from  the  Huawei  joint  ven¬ 
ture.  3Com  has  seen  an  uptick 
in  its  sales  recently,  as  it  posted 
$300  million  in  revenue  for  its 
first  fiscal  quarter  of  2007, 
which  ended  Sept.  1 .  This  was 
up  from  $255  million  in  the 
previous  quarter  and  almost  a  70% 
increase  from  the  $177  million  3Com 
made  in  its  first  fiscal  quarter  of  2006. 
3Com  also  cut  its  losses  by  half,  to 


$20  million,  compared  with  a  year  ago. 

H3C  products  include  the  3Com  Switch 
7700  and  8800  series  Gigabit  and  10G 
Ethernet  switches,  which  compete  with 
products  such  as  Cisco’s  Catalyst  6500, 
Nortel’s  Ethernet  Routing  Switch  8600 
and  HP  ProCurve’s  9300  series.  WAN 
routers  and  firewall  gear  built  under  the 
H3C  venture  include  3Com’s  Router 
3000,  5000  and  6000  series,  which  com¬ 
pete  with  Cisco’s  Integrated  Services 
Router  and  Juniper’s  J-Series  product 
lines,  among  others.  ■ 
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WatchGuard  puts  high-end  security  in  low-end  boxes 


BY  TIM  GREENE 

WatchGuard  is  adding  high-end 
security  features  to  its  low-end 
protection  devices  to  make  it 
more  affordable  for  customers  to 
put  advanced  network  defenses 
at  their  sites. 

The  company  is  adding  proxy 
firewall  capabilities  that  screen 
HTTP  FTP  and  POP3  traffic,  at  the 
application  layer,  making  it  more 
secure  than  a  network-layer  fire¬ 
wall,  because  it  checks  payloads 
and  attachments  for  malware. 

The  new  capabilities  are  being 
added  to  Firebox  X  Edge  20e  and 
55e  devices,  including  the  mod¬ 
els  of  each  that  include  a  wire¬ 
less  access  point.  These  devices 
sit  between  the  Internet  and 
office  networks  and  include  fire¬ 
walls,  VPNs,  traffic  shaping,  WAN 
failover  options, Web  filtering  and 
virus  scanning. 

WatchGuard  also  is  bundling 
these  devices  with  three  security 
services  for  a  flat  price.  These 


packages  include  WatchGuard’s 
Gateway  Anti-virus/Intrusion  Pre¬ 
vention  System,  spamBlocker, 
WebBlocker  and  Live  Security 
services. 

One-year  subscriptions  for  the 
services  plus  a  Firebox  X  Edge 
20e  cost  $800  with  the  standard 
hardware  and  $900  for  the  wire¬ 
less  version.  The  same  service 
bundle  with  the  Firebox  X  Edge 
55e  costs  $1,200  for  the  standard 
hardware  and  $  1 ,300  for  the  wire¬ 
less  version.  The  company  has 
not  set  the  price  for  renewing  the 
services  after  the  first  year. 

The  upside  of  these  devices  is 
that  they  are  less  expensive  than 
buying  separate  devices  that  sup¬ 
port  each  function,  so  they  are 
easier  to  manage  and  install. 

But  they  are  not  for  all  busi¬ 
nesses,  says  Rob  Whiteleyan  ana¬ 
lyst  with  Forrester  Research. 
Large  corporations  don’t  want 
multifunction  security  devices 
because  they  want  to  keep  secu¬ 


IS 

Security  Buyer's  Guide 

From  antispam  to  wireless  LAN  security,  we've  got  detailed  information  on  hundreds 
of  products  that  will  help  you  quickly  pinpoint  the  hardware  or  software  you're 
looking  for.  We've  categorized  each  product  into  more  than  20  specific  security 
market  segments  so  you  can  drill  down  and  compare  and  contrast  products  in  only 

the  areas  you  need. 
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rity,  acceleration  and  routing 
technology  separate  for  internal 
billing  purposes.  Different  IT 
departments  handle  these  sepa¬ 
rate  infrastructure  technologies, 
he  says. 

Surveys  by  Forrester  indicate 
the  desire  for  such  integrated 
devices  shrinks  as  businesses  get 
larger.  “Large  companies  want 
them  the  least, ’’Whiteley  says. 

However,  retail  companies  like 
these  products  because  they 
have  many  sites  without  dedi¬ 


cated  IT  staff,  he  says.  It  is  simpler 
for  IT  to  place  a  manageable  mul¬ 
tifunction  device  in  stores  than 
to  place  separate  routers,  fire¬ 
walls,  virus  scanners  and  content 
filters,  he  says. 

These  multifunction  boxes  — 
also  called  unified  threat  manage¬ 
ment  (UTM)  gear  —  are  not 
meant  for  the  smallest  businesses, 
either,  Whiteley  says.  “They  bring 
the  costs  down,  but  for  small  busi¬ 
nesses,  it’s  still  too  much,”  he  says. 

Plus  Cisco  and  Juniper,  whose 


multifunction  routers  are  moving 
downscale,  may  be  able  to  attract 
low-end  customers  because  their 
devices  can  be  integrated  into 
their  network  architecture,  he 
says.  In  addition,  Check  Point, 
Crossbeam,  Fortinet,  ServGate, 
SonicWall  and  Xyzel  offer  a  spec¬ 
trum  of  these  UTMs  as  well. 

The  new  Firebox  X  Edge  soft¬ 
ware  Version  8.5  with  the  new 
security  features  will  be  available 
by  the  end  of  this  month, 
WatchGuard  says.  ■ 


Symantec  acquires  Revivio’s  IP,  assets 


BY  DENI  CONNOR 

Symantec  has  snapped  up  faltering  continuous 
data  protection  vendor  Revivio  for  an  estimated 
$20  million. 

The  company  bought  Revivio’s  intellectual  prop¬ 
erty  and  will  discontinue  sales  and  development  of 
Revivio’s  Continuous  Protection  System  appliance. 
Symantec  does  not  normally  announce  the  acquisi¬ 
tion  of  intellectual  property  a  spokeswoman  says. 

Symantec,  which  entered  the  data  protection  mar¬ 
ket  with  its  acquisition  last  year  of  Veritas,  plans  to 
add  Revivio’s  technology  to  its  NetBackup  product 
and  sell  a  stand-alone  CDP  product  of  its  own.  It 
already  has  near-continuous  data  protection  capa¬ 
bility  in  its  Backup  Exec  products. 

CDP  technology  saves  data  to  disk  as  changes  are 
made  —  continuously  —  rather  than  on  a  scheduled 
basis.  With  CDP  software,  IT  administrators  can  roll 
back  changes  to  any  point  in  time. 

Symantec’s  acquisition  of  Revivio’s  intellectual 
property  signals  further  consolidation  of  the  back¬ 


up,  recovery  and  replication  space.  Network 
Appliance  acquired  Alacritus  in  2005  for  its  CDP  as 
well  as  virtual  tape  library  technologies.  EMC 
bought  Kashya  earlier  this  year  for  CDP  and  replica¬ 
tion;  EMC  replaced  an  OEM  deal  with  Mendocino 
and  introduced  Kashya  technology  in  its  Recover- 
Fbint  product.  In  July,  CA  purchased  XOsoft  for  its 
CDP  and  replication  capabilities.  In  addition, 
Atempo  acquired  Storactive. 

Other  big  vendors  such  as  IBM  and  Microsoft  also 
have  introduced  CDP  products.  HP  rebrands  and 
resells  Mendocino’s  software. 

Symantec  has  extended  job  offers  to  Revivio  CTO 
and  founder  Michael  Rowan  and  Director  of 
Engineering  Kevin  Rodgers,  as  well  as  11  other 
Revivio  engineers. 

Revivio  started  in  2001  and  has  $55  million  in  fund¬ 
ing  from  Charles  River  Ventures,  Flagship  Ventures, 
Bessemer  Venture  Partners,  Globespan  Captial 
Partners  and  the  Nomura  Group.  In  2005,  Network 
World  named  Revivio  to  its  start-ups  to  watch  list.  ■ 


With  competition  heating  up,  how  will 
Air  China  open  new  doors  abroad? 


at&t 

Your  world.  Delivered:" 


Dynamic  Networking.  Take  Flight. 

Competition  can  be  fierce.  With  competitors  giving  chase  in  the  domestic  market, 
Air  China  was  fighting  to  stay  on  top.  But  it  couldn't  hamper  its  ability  to 
serve  more  destinations  abroad.  The  plan?  Retool  its  IT  systems  to  streamline 
operations,  accommodate  expansion,  and  provide  more  of  the  amenities  that 
travelers  expect.  The  solution:  Dynamic  Networking  from  the  new  AT&T. 

To  address  these  challenges,  the  new  AT&T  created  a  reliable,  scalable  solution 
that's  handling  millions  of  transactions  per  day.  All  while  delivering  real-time 
access  to  data.  Air  China  is  seeing  immediate  returns  by  optimizing  its 
reservations,  route  scheduling  and  frequent  flyer  programs.  And  the  renewed 
vigor  is  keeping  this  leader  on  top. 


To  learn  more  about  how  Air  China  and  other  businesses  have  found  success 
with  Dynamic  Networking,  visit  att.com/profiles. 
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Dynamic  Networking  from  the  new  AT&T 

includes  redundancies  and  security  failsafes  from  the  ground  up 
to  help  ensure  business  continuity,  operational  readiness  and 
data  recovery.  With  easy  provisioning  of  VPN  solutions  for  secure, 
remote  access  from  almost  anywhere.  So  no  matter  what  comes 
down,  Dennis  knows  his  enterprise  can  be  up  and  running.  Learn 
how  Dynamic  Networking  can  enable  your  business. 
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Canon  presents  five  new  Color  imageRUNNER  choices. 

Introducing  Canon’s  complete  line  of  new  Color  imageRUNNER*  solutions.  With  five  new  models  to  choose 


from,  we’re  certain  you  can  find  the  perfect  one  for  your  business.  Not  only  that,  but  we  took  the  industry¬ 
leading  Canon  Color  imageRUNNER  Series,  and  vastly  improved  it  with  our  exclusive  imageCHIP  system 
architecture  which  can  be  found  in  every  model.  Our  new  imageCHIP  technology  not  only  enables  you  to 
print,  scan  and  fax  simultaneously  without  bottlenecks  in  productivity,  but  it  will  change  the  way  you  think  about  using  color 
in  the  office.  And  they  all  have  more  speed  and  power  for  greater  performance.  In  fact,  the  Canon  Color  imageRUNNER 
will  deliver  the  future  of  color  in  the  workplace  today  with  the  color  quality  you’ve  come  to  expect  from  Canon. 

The  Canon  Color  imageRUNNER.  It’s  what’s  next  for  color. 
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Vyatta:  No  open  source  guru  required 


Open  source  router  company  Vyatta  debuted  earlier  this  year  with  a  Red 
Hat-style  alternative  to  Cisco  and  Juniper  offerings:  the  Open  Flexible  Router, 
an  open  source-based  WAN  router  and  firewall  stack,  freely  downloadable, 
with  service  and  support  offerings  available  for  purchase.  Since  then  the  com¬ 
pany  has  generated  buzz  while  releasing  products  such  as  a  pre-installed 
appliance-like  version  on  Dell  servers.Vyatta  CEO  Kelly  Herrell  and  chief  strate¬ 
gy  officer  Dave  Roberts  recently  told  Network  World  Senior  Editor  Phil 
Hochmuth  what  Vyatta  is,  and  is  not,  and  what  it  hopes  to  become.  ( The  fol¬ 
lowing  is  an  edited  transcript.) 

How  much  future  is  there  in  being  an  open  source  networking  company,  given  that  a  lot  of  what 
you're  doing  is  packaging  free  technology  that  has  been  out  there  for  some  time?  is  this  some¬ 
thing  people  will  do  themselves? 

Herrell:  Companies  buy  solutions.  I  don’t  mean  to  sound  trite  like  that,  but  when 
people  look  for  solutions,  they’re  looking  for  something  that  has  the  best  price/perfor¬ 
mance  for  the  job  at  hand.  We  are  a  solutions  provider.  I  don’t  know  of  too  many 
CIOs  who  would  look  fondly  upon  their  network  teams  if  they  were  sitting  in  labs  try¬ 
ing  to  compile  and  debug  code,  or  something  that  was  a  standard  function  in  their 
network.  So  as  a  solutions  provider,  we  can  give  buyers  what  they  want:  continuity  of 
the  product,  maintenance,  a  road  map. You’re  not  going  to  get  much  of  a  road  map 
out  of  an  open  source  project.  And  all  the  technical  support  and  service  that  they 
rely  on  to  run  a  network.  So  we’re  an  open  systems  alternative  to  a  proprietary 
approach.  From  that  perspective,  we  are  a  solutions  alternative, and  we  believe  that 
has  just  as  much  longevity  as  a  proprietary  solution. 

What  are  the  advantages  of  open  source  from  a  competitive  standpoint9 

Herrell:  We  pull  from  various  parts  of  the  open  source  world,  and  contribute  back, 
of  course.  Everything  from  Linux,  and  XORP  [eXtensiple  Open  Routing  Platform  — 
the  open  source  routing  software  on  which  OFR  is  based]  .The  advantage  here  is 
we’re  standing  on  the  shoulders  of  giants.  Many  of  the  components  have  been  weath¬ 
er  tested  in  many  other  environments.  So  we’re  not  coming  in  at  the  fundamental 
ground  level  where  it’s  a  systems  theory  So  we  hit  the  ground  running.  And  then  from 
our  perspective,  our  job  as  a  solutions  provider  is  to  continue  to  make  quick  incre¬ 
mental  improvements  to  the  solution  just  to  continually  advance  the  state  of  the  solu¬ 
tion  that  we  offer. 

Why  hasn't  XORP,  and  open  source  routing  in  general,  taken  off  as  widely  as  open  source  com¬ 
puting  or  application  platforms,  such  as  Linux  or  Apache? 

Roberts:  We’re  fond  of  saying  that  networking  started  out  open  source. The 
first  networking  stacks  were  open  source  stacks  with  either  BSD,  or  people 
would  run  [network]  software  on  Suns. That  was  a  common  way  to  get  yourself 
on  the  Internet  in  the  1980s. Then  the  networking  market  swung  closed  source, 
and  went  through  a  period  of  extreme  growth  through  the  1990s.  I  think  now  it’s 
reached  a  level  of  maturity  where  people  are  willing  to  go  look  back  at  those 
open  source  solutions. 

The  market  has  to  be  accepting  of  what  you’re  doing.  We’re  at  a  point  now  where  the 
market  has  come  to  the  conclusion  that  open  source  is  good.  Customers  want  to  see 
more  open  source  alternatives  in  a  variety  of  product  categories,  not  just  computing. 

To  be  a  Vvyatta  customer,  do  you  have  to  be  a  hacker  or  open  source  guru,  or  have  one  on 

staff? 

Herrell:  Let’s  say  you  pick  up  the  Vyatta  appliance,  or  just  the  OFR  software.  When 
you  push  the  on-button  of  the  machine.it  boots.  When  it  finishes  booting.it  is  a 
i outer,  with  a  CLi  and  a  GUI  interface.  So  the  comparisons  to  Red  Hat  for  us  are  very 
apt,  in  many  ways  —  the  subscription  model,  and  the  leverage  of  open  source. Where 
they  differ,  is  that  what  Red  Hat  provides  is  an  operating  system,  then  you  have  to 
load  apps  on  it,  and  do  all  that  kind  of  thing.  From  Vyatta,  the  product  you  get  is  the 
same,  from  a  user  standpoint, as  a  traditional  router  or  firewall.You  plug  in  the  cables, 
you  hit  the  on-button, you  configure  it  and  you’re  done. 


Roberts:  You  absolutely  do  not  have  to  be  a  hacker  to  use  this  product.This  is  really 
designed  for  your  average  network  manager  who  is  comfortable  with  a  Cisco  or 
Juniper  product  today  They  can  fire  up  our  products  and  find  themselves  very  com¬ 
fortable.  One  of  the  things  about  why  open  source  networking  had  not,  until  Vyatta, 
really  caught  on  was  because  to  a  certain  extent,  the  solutions  and  open  source 
stacks  that  were  out  there  —  XORP  and  others  —  do  rely  on  users  to  be  a  little  bit 
more  of  a  hacker  to  deploy  them. You  still  have  to  download  them, you  have  to  run 
them  on  your  Linux  distro.You  still  have  to  understand  Linux,  because  it’s  not  like  you 
get  a  full  environment.  When  you  boot  up  your  raw  XORP-based  system,  you  have  a 
set  of  processes  running  on  top  of  Linux. You  have  to  know  Linux  commands  to 
maintain  the  system.That’s  where  a  lot  of  our  value-add  is;  not  just  taking  XORP  and 
plopping  it  on  top  of  Linux. 

What  are  customers'  biggest  reservations  about  going  with  an  open  source  network  product? 

Herrell:  Change.  And  1  would  qualify  that  by  saying  that  in  any  market  there  are  dif¬ 
ferent  types  of  adopters.  For  those  who  are  resistant,  that’s  fine.  We’ll  evangelize  and 
proselytize,  but  we  won’t  try  and  force  someone  to  do  something  they  don’t  want  to 
do.  Our  job  has  less  to  do  with  dealing  with  objection  and  more  to  do  with  under¬ 
standing  where  the  pockets  of  adoption  are. 

Roberts:  I  think  everyone  gets  what  we’re  doing.  We  haven’t  talked  to  anybody  that 
doesn’t  get  it  or  doesn’t  see  some  benefit  in  it.  I’ve  had  major  Fortune  500  corpora¬ 
tions  saying,  this  is  really  interesting.They’ve  also  followed  that  by  saying,  I’m  not  sure 
I’m  ready  for  it.  I’m  not  sure  our  organization  is  ready  for  it, but  I  understand  it  and  I 
understand  the  benefit  of  it. 

What  do  you  tell  CIOs  when  you  talk  about  Vyatta's  road  map? 

Herrell:  We  tell  them  we’ve  got  our  1.0  release  out  there  and  that  1.1  is  around  the 
corner. They  should  expect  it  to  look  like  any  commercial  product.  And  from  that 
perspective,  the  road  map  includes  feature  advancements  and  performance 
enhancements.  What  is  new  is  the  way  we  come  up  with  the  definition  of  what 
needs  to  be  in  those  incremental  advancements.  That’s  where  we  get  to  leverage 
the  community.  We  get  to  leverage  their  insight  and  their  requests. We  don’t  build 
something  because  we  think  it’s  a  neat-o  idea. We  build  something  because  the 
market  is  telling  us  they  want  that. 

So  who  is  ready  for  open  source  routing? 

Herrell:  The  first  adopters  are  generally  categories,  are  organizations  with  nimble 
budgets  and  nimble  deployment  models.  Who  fits  under  that?  Well,  [small  and  mid¬ 
size  businesses] .service  providers.  People  who  aren’t  going  to  require  a  long,  protract¬ 
ed  formalized  product  review,  but  rather,  a  customer  that  will  say,  hey  I  have  a  need. 
You  have  a  solution,  I’ll  plug  it  in.  If  it  doesn’t  work  I’ll  take  it  out. 

Roberts:  These  are  typically  organizations  where  there  is  some  empowerment  by 
technical  people  to  make  decisions.  As  opposed  to  large  central  planning  commit¬ 
tees  for  technology  buying. 

Herrell:  Yes,  Stalinist  regimes  need  not  apply  But  back  to  what  Dave  said,  I  haven’t 
heard  any  senior  IT  manager  or  CIO  say,  no-way,  no-how.  What  they  say  is,  it’s  interest¬ 
ing,  I’m  going  to  watch  this.The  bottom  line  is,  no  wonder  it’s  interesting.it  has  two 
basic  advantages  —  economics  and  control.  How  do  you  say  that’s  not  interesting?  If 
you  say  I  have  a  very  significant  network  budget,  and  you  can  stretch  that  further.  Or,  if 
it  gives  customers  more  control  over  what  I  deploy  how  I  deploy  it,  and  when  I 
deploy  it.Those  are  good  things.  Customer  A  might  say  I’m  taking  a  wait-and-see  atti¬ 
tude,  but  I  don’t’  disagree  with  the  approach. 

For  organizations  that  are  in  wait-and-see  mode,  what  do  you  think  they're  waiting  to  see? 

Herrell:  I  think  the  funny  thing  is  that  what  they  need  to  see  already  exists;  we’re 
just  in  the  process  of  communicating  to  them  that  it  does  exist.  What  people  like  to 
see  is  that  somebody  else  has  done  it.  It  turns  out  that  a  reasonably  good-sized 
number  of  organizations  have  already  done  this,  and  now  have  production  net¬ 
works  running  Vyatta.  And  it’s  up  to  us  to  explain  that  and  show  the  proof,  if  that  is 
the  pressing  item  for  them.  For  the  most  part,  I  think  that’s  it.  We  don’t  get  resistance 
to  the  idea;  they  just  want  to  make  sure  they’re  in  good  company.  ■ 


.INFRASTRUCTURE  LOG 

_DAY  15:  Our  network’s  too  complex  to  manage.  We’re 
not  proactive  at  all;  we’re  just  reacting.  Help! 

_Gil  brought  in  a  crystal  ball.  Says  he  can  now  peer 
into  the  future  of  our  infrastructure. 


_DAY  17:  I  see  a  better  way:  IBM  Tivoli  middleware. 
It  gives  us  a  holistic  view  of  the  infrastructure  and 
analyzes  the  relationship  between  apps,  systems  and 
networks.  Fixes  problems  proactively  for  more  uptime 
and  more  storage  availability .  Plus,  it’s  open, 
modular  and  scalable. 


.Gil  says  he  saw  all  that  too  but  forgot  to  tell  us 


Better  manage  the  business  of  I.T.  at: 

IBM.COM/TAKEBACKCONTROL/PROACTIVE 


IBM.  the  IBM  logo  and  Tivoli  are  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  42006  IBM  Corporation  All  rights  reserved. 
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NETWORK  EXECUTIVES  SHARE  THEIR  WISDOM 


What's  your  role  at  the  lab? 

The  voice  and  data  infrastructure  is  my  primary  respon¬ 
sibility  I  own  much  of  the  network-based  security  includ¬ 
ing  firewalls,  intrusion-detection  systems  and  virtual  pri¬ 
vate  networks.  I  work  closely  with  the  cybersecurity  pro¬ 
gram  manager,  who  is  in  the  same  division. 

What  percentage  of  your  time  is  spent  on  security  issues? 

We  just  had  a  large  Department  of  Energy  audit  this 
summer,  so  during  that  time  the  percentage  was  fairly 
high,  about  40%  to  50%  of  my  time.  In  a  normal  year,  it’s 
probably  down  in  the  15%  to  20%  range. 

How  many  people  do  you  have  on  your  staff  involved  with  cyber¬ 
security? 

I  have  a  staff  of  23  people,  of  which  three  are  involved  in 
cybersecurity  They  handle  firewalls, VPNs,  intrusion  detec¬ 
tion  and  [Cisco]  NetFlow  data  analysis. 

Can  you  give  a  brief  description  of  your  network? 

We  support  around  3,000  people  at  the  lab  and  12,000 
computers.  We  have  several  high-performance  clusters  of 
machines.  It’s  an  IP  network.  We  have  a  lot  of  wide-area 
networking  connectivity  Right  this  second,  we  probably 
are  using  six  OC-192s.We  have  a  10G  campus  infrastruc¬ 
ture.  We  have  traditional  TDM-based  voice.  We  have  an 
active  VoIP  pilot  program  in  one  of  our  newest  buildings, 
the  Center  for  Nanoscale  Materials. 

What  does  your  security  architecture  look  like? 

We  run  a  distributed  model  with  multiple  firewalls 
cooperating  to  provide  a  perimeter  protection 
scheme.  We  recently  added  Tier  2  or  divisional  fire¬ 
walls  at  the  project  or  building  level.  All  the  places  at 
the  lab  that  have  sensitive  technologies  or  a  prepon¬ 
derance  of  personally  identifiable  information  get  a 
second  level  of  firewall  protec¬ 
tion.  We  use  primarily  Cisco 
firewalls,  intrusion-detection 
systems  and  VPNs. 


How  Argonne  Labs  did  an 
about-face  on  cybersecurity 

Five  years  ago,  Argonne  National  Laboratory  was  in  the  midst  of  a  cybersecurity  crisis.  The  Energy 
Department  research  center  was  failing  audits,  and  management  was  under  pressure  to  fix  the  situation. 
Today,  Argonne  gets  top  marks  from  security  auditors.  Scott  Pinkerton,  communications  infrastructure 
department  manager,  tells  Network  World  Senior  Editor  Carolyn  Duffy  Marsan  how  the  organization 
turned  things  around. 


What  steps  did  you  take  to  resolve  your  cybersecurity  crisis? 

Before  2001,  we  didn’t  have  many  technical  solutions. 
Firewalls,  intrusion-detection  systems, VPNs  —  a  lot  of  that 
technology  didn’t  exist.  However,  what  I  would  say  was  the 
most  telling  changes  all  revolved  around  culture.  We  start¬ 
ed  a  cybersecurity  architectural  review  committee  to  fig¬ 
ure  out  a  paradigm  for  separating  our  network  services. 

“Tuning  the  intrusion-detection 
system  wasn’t  that  painful.  It 
was  educating  the  user  commu¬ 
nity  that  was  hard.” 

Scott  Pinkerton,  communications  infrastructure  department  manager, 
Argonne  National  Laboratory 

We  had  a  slew  of  town  hall  meetings  throughout  that  12- 
month  period.  We  did  an  enormous  amount  of  education 
about  what  these  changes  would  mean  to  [the  scientists.] 

Dropping  in  the  firewalls  wasn’t  that  painful.  Intrusion- 
detection  systems  weren’t  that  painful. Tuning  the  intru¬ 
sion-detection  system  wasn’t  that  painful.  It  was  educating 
the  user  community  that  was  hard.  We  did  a  complete 
revamp  of  our  IT  training  program.  We  have  a  yearly  IT 
refresher  course  that  everyone  has  to  go  through  that  was 
completely  redesigned.  We  did  a  tremendous  amount  of 
outreach  to  our  system  administrators  and  now  we  keep 
track  of  them. 

When  were  you  out  of  crisis  mode? 

By  2002,  we  had  started  to  turn  the  ship  around  and  we 
were  starting  to  get  passing  grades  on  audits.  At  least  from 
the  point  of  view  of  the  senior  management  of  the  labora- 


Are  you  spending  more  time  on  secu¬ 
rity  issues  than  two  years  ago? 

No.  Our  cybersecurity  crisis 
occurred  in  2001. That  was  the 
low  water  mark  of  our  cybersecu¬ 
rity  profile. We  had  suffered 
through  quite  a  number  of  audits 
that  were  very  negative. The  feder¬ 
al  government’s  inspector  general 
gave  us  a  bad  audit.  We  had  poor 
audit  results  from  the  Energy 
Department’s  Office  of 
Assessment.  We  were  under  a  lot 
of  pressure.  We  were  having  week¬ 
ly  meetings  with  the  associate  lab 
director  in  2001. 


Getting  personal:  Scott  Pinkerton 

Title: 

Organization: 


tory  we  were  out  of  trouble. 

What  have  you  done  differently  since  the  crisis  was  over? 

Since  2002,  every  day  we’re  still  asking  ourselves  what 
we  can  do  more,  better,  smarter.  We’ve  done  a  number  of 
things  that  are  very  interesting.  We  re-adapt  our  intrusion- 
detection  systems  every  60  minutes  based  on  the  current 
state  of  the  firewall.  We’ve  done  a  lot  to  integrate  [our 
devices.]  We’ve  been  very  creative  on  how  we  administer 
network  control.  Since  we’re  similar  to  a  college  environ¬ 
ment,  it  would  be  too  challenging  to  force  an  agent  on 
every  device.  So  we  scan  every  10  seconds  for  new 
devices  on  the  network.  We  keep  track  of  everyone’s  pres¬ 
ence  on  the  network. 

What  new  security  initiatives  do  you  have  planned? 

We’re  pushing  a  federated  approach  to  sharing  data  to 
help  improve  cybersecurity.  We’re  asking  if  it  would  be 
valuable  for  Oak  Ridge  National  Lab  or  Lawrence  Berk¬ 
eley  National  Lab  if  Argonne  gave  them  a  summary 
digest  every  30  minutes  of  the  IP  addresses  that  have 
been  hostile  here.  We’re  seeing  that  the  people  who  are 
hostile  at  one  [Energy  Department]  lab  end  up  being 
hostile  at  others. 

Do  you  feel  more  confident  about  security  than  you  felt  several 
years  ago? 

Yes,  because  we’ve  been  doing  fairly  well  on  the  audits. 
However,  I’d  say  that  the  battle  never  rests.The  threat 
model  is  forever  evolving.  I’m  still  nervous. 

What  issues  still  keep  you  up  at  night? 

Personally  identifiable  information  is  a  new  problem. 
For  [the  Energy  Department] ,  it’s  on  the  political  radar 
screen.  Any  incidents  involving  PII  are  highly  scruti¬ 
nized.  We  have  a  ton  of  new 
oversight  about  what  we  are 
doing  on  the  PII  front. 


Communications  infrastructure  department  manager  (since  August) 

Argonne  National  Laboratory 

Voice  and  data  networks,  network-attached  security  devices. 

Annual  budget:  85.5  million 
Staff:  23 

Previous  jobs:  Various  positions  at  Argonne,  including  networking  section  manager  and  computer  systems  engineer.  Also 
served  as  staff  engineer  at  Martin  Marietta  Astronautics. 

Education:  Master's  degree  in  computer  science  from  the  University  of  Colorado  in  Boulder,  bachelor's  degrees  in  computer 
science  and  math  from  Bowling  Green  State  University. 

First  PC:  Radio  Shack  TRS/80  with  attached  cassette  deck  storage. 

First  experience  News  groups  (netnews). 

with  the  Internet: 

Home  network: 


Firewall  with  four-port  switch,  wireless  access  point,  two  adult  computers,  two  kid  computers,  two  network- 
attached  printers  and  Tivo  with  a  wireless  dongle. 


What  lessons  have  you  learned  from 
your  experience  improving  security  at 
Argonne? 

Communication  and  education 
have  to  be  No.  l.You  have  to  lis¬ 
ten  to  a  lot  of  people.You  have  to 
let  them  communicate  their  con¬ 
cerns  and  worries  about  these 
types  of  changes.  Developing  will¬ 
ful  partners  with  your  user  popu¬ 
lation  is  important.Talk  to  your 
peers  to  see  what  other  people 
have  done.  Don’t  try  to  re-invent 
the  wheel  yourself.  Also,  know  thy 
network.  We  have  NetFlow  data  so 
we  can  understand  what  traffic  is 
on  our  network.B 


.INFRASTRUCTURE  LOG  -  - 

—  ■■■■■  -  —  t  mmmm® 

_DAY  33:  Our  information  is  siloed.  Unmanageable . 

People  can’t  access  the  latest  info  to  make  decisions. 

Gil’s  resorted  to  giving  everyone  access  to  everything 
all  at  once. 

.Monitors  now  outnumber  humans  18  to  1. 

.DAY  36:  It’s  clear  to  me.  We  need  an  IBM  Information 
On  Demand  middleware  solution.  Info  will  be  liberated 
from  the  silos — available  when  we  need  it,  whatever 
the  format.  Accurate  and  in  context.  Now  we  can  make 
smarter  decisions  and  deliver  real  business  value. 

.Access  is  a  beautiful  thing. 


See  innovative  IBM  Info  Management  solutions  in  action: 

IBM.COM/TAKEBACKCONTROL/INFO 


IBM  and  the  IBM  logo  are  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  ©2006  IBM  Corporation.  All  rights  reserved. 
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Consultants 

continued  from  page  1 

consultants  who  also  got  their  starts  build¬ 
ing  switching  equipment,  setting  up  net¬ 
works  and  putting  out  fires  on  the  front 
lines  of  IT. 

“Nobody  can  know  how  IT  interoperates 
with  the  business  as  intimately  as  some¬ 
one  within  that  business,  because  they  eat, 
live  and  breathe  it  all  day  long,”  says  Zeus 
Kerravala,  senior  vice  president  of  enter¬ 
prise  research  at  Yankee  Group.  Kerravala 
started  working  as  a  Unix  programmer  at 
Canada’s  University  of  Victoria  and  moved 
into  enterprise  companies, including  invest¬ 
ment  banking  firm  Alex  Brown. 

“Having  this  experience  gives  me  credi¬ 
bility  and  helped  me  a  lot  early  on.  I  know 
it’s  not  just  about  speeds  and  feeds;  people 
don’t  really  just  buy  off  that,  it’s  just  one  part 
of  the  equation,”  he  says. 

Takes  one  to  know  one 


Making  the  leap 

Considering  a  move  from  manning  the  trenches  to  spotting  trends? 


Network:  Many  IT  gurus  moved  into 
consulting  or  analyst  work  after  a 
former  colleague  or  friend  made 
the  leap.  “Never  burn  a  contact,”  says 
Zeus  Kerravala,  senior  vice  president  of 
enterprise  research  at  Yankee  Group. 

Listen:  Listening  skills  are  critical 
when  managing  hundreds  of  clients  and 
trying  to  understand  each  client's 
unique  problems.  “Your  opinion  isn’t  the 
most  important  or  even  knowledgeable 
opinion  anymore  when  it  comes  to  the 
issues  inside  an  end-user  organization," 
says  Peter  Sevcik,  president  at  consul¬ 
tancy  NetForecast. 

Talk:  Analysts  need  to  be  able  to  pre¬ 
sent  their  technological  know-how  in 


common  terms  to  large  groups  of  peo¬ 
ple  with  mixed  levels  of  knowledge.  It 
can  be  a  challenge  to  represent  opin¬ 
ions  simultaneously  as  both  relevant 
and  accessible.  “You  have  got  to  be 
comfortable  in  front  of  an  audience 
anywhere  from  five  to  500  people  and  in 
some  ways,  just  be  able  to  let  go,"  says 
Joe  Skorupa,  a  research  vice  president 
at  Gartner. 

Write  (a  lot):  Analysts  are  required  to 
put  their  knowledge  of  an  entire  tech¬ 
nology  area  or  market  into  writing  year¬ 
ly,  quarterly,  weekly  and  in  some  cases 
daily.  “The  skill  sets  to  be  an  analyst  are 
not  necessarily  developed  in  the  course 
of  daily  work  as  an  IT  practitioner,  so 


you  have  to  take  any  opportunity  you 
can  to  write,”  says  Mark  Nicolett,  a  vice 
president  and  research  director  at 
Gartner. 

Think  broadly:  Just  as  important  as 
knowing  a  technology  is  understanding 
its  impact  across  an  industry.  "What 
jazzed  me  about  being  an  analyst  was 
getting  the  bird’s  eye  view  of  the  indus¬ 
try.  You  take  that  greater  clarity  of 
working  in  the  trenches,  expand  it 
beyond  an  individual  project,  and  see 
technology  as  it  fits  into  the  whole  pic¬ 
ture,"  says  Christopher  Voce,  a 
researcher  at  Forrester  Research. 

—  Denise  Dubie 


Having  spent  time  as  a  practitioner  makes 
it  easier  to  establish  a  rapport  with  clients 
who  need  advice  about  how  to  run  a  pro¬ 
ject, says  Mark  Nicolett, a  vice  president  and 
research  director  at  Gartner  covering  secu¬ 
rity  and  privacy 

Nicolett  worked  at  several  insurance  firms 
in  the  Hartford,  Conn.,  area  until  he  spent 
15  years  at  Aetna,  working  on  projects  such 
as  disaster  recovery  and  client/server  man¬ 
agement  systems.  Now  with  10  years  under 
his  belt  at  Gartner,  Nicolett  says  he  still 
works  to  keep  his  technology  knowledge 
fresh,  even  if  he  doesn’t  get  the  chance  to 
touch  technology  daily. 

“Any  IT  practitioner,  regardless  of  their 
background  or  current  position  as  an  ana¬ 
lyst,  faces  technical  obsolescence  and  must 
refresh  their  skills.  But  as  an  analyst,  you 
have  to  adjust  to  a  situation  where  you  are 
not  placing  your  hands  on  technolog}/’ 
Nicolett  says. 

Not  only  does  the  hands-on  experience 
lend  analysts  credibility  among  user  orga¬ 
nizations,  but  it  also  instills  in  them  an  abil¬ 
ity  to  attack  business  and  process  problems 
with  technology  Thinking  like  a  technolo¬ 
gist  translates  into  the  analyst  role, some  say 


“In  principle,  working  as  an  analyst  is  not 
far  from  working  as  a  software  architect.You 
just  have  to  adapt  your  conceptual  and  log¬ 
ical  skills  to  another  type  of  process,”  says 
Jean-Pierre  Garbani,  a  vice  president  with 
Forrester  Research. 


Garbani  started  in  IT  at  a  small  com¬ 
pany  in  France  that  was  automating 
control  processes  of  nuclear  power 
plants  and  moved  to  Bull  GE,  where  he 
developed  networks  and  transactional 
systems.  Garbani  also  took  part  in 
launching  a  software  company,  but  ulti¬ 
mately  made  the  leap  to  analyst  after 
two  of  his  colleagues  in  IT  at  John 
Hancock  moved  into  the  area  and  lured 
him  to  the  other  side. 

Garbani  can  still  recall  how  he  perceived 
consultants  and  analysts  when  he  was  in 
the  trenches  and  works  to  avoid  coming 
across  that  way  to  his  clients.  In  addition, his 
past  life  as  an  IT  professional  gives  Garbani 
a  healthy  dose  of  cynicism  when  evaluating 
vendor  pitches. 

“I  remember  trying  to  make  sense  of 
Gartner  or  Giga  reports  and  finding  them 
lacking  in  details  and  sometimes  down¬ 
right  inaccurate,”  he  says.“I  now  know  how 
it  is  done:  the  politics,  budgets  and  influ¬ 
ences.  I  have  been  there,  and  it  has  not 
changed  in  all  these  years.  1  know  the  B.S. 
that  is  served  to  analysts  [by  vendors] .  1  did 
it  myself.” 


Reality  check 

For  some,  early  IT  experiences  provided 
an  opportunity  to  be  a  part  of  industry-mak¬ 
ing  events. 

Peter  Sevcik  remembers  the  day  his 
work  with  the  Advanced  Research 


Projects  Agency  in  Washington,  D.C.,  led 
to  the  dividing  of  the  Arpanet  into  multi¬ 
ple  networks  and  the  beginning  of 
today’s  Internet.  “I  pulled  the  switch 


along  with  Col.  Heidi  Heiden  at  noon, 
Oct.  4, 1983,”  he  recalls. 

But  more  important  for  his  work  today 
Sevcik  says  he  remembers  the  politics  with¬ 
in  an  organization  that  makes  technology 
adoption  a  challenge.  He  keeps  that  with 
him  when  trying  to  help  user  organizations 
solve  a  business  problem  with  technology 

“Consultants  and  analysts  don’t  always 
take  into  account  the  organizational  inertia 
that  exists  in  companies,”  says  Sevcik,  who 
today  is  president  at  NetForecast,  a  consul¬ 
tancy  that  specializes  in  application  perfor¬ 
mance  and  real-time  traffic  analysis.  “In 
order  for  some  new  technology  to  succeed, 
it  will  require  supportive  processes  and 
dealings  with  other  parts  of  the  organiza¬ 
tion  that  maybe  have  never  been  dealt  with 
before.” 

Despite  the  benefits  these  industry  watch¬ 
ers  gained  in  their  early  IT  roles,  some  say 
transitioning  out  of  IT  and  into  network 
industry  research  wasn’t  necessarily  a  nat¬ 
ural  or  easy  process.  For  many  the  move 
required  honing  business,  communica¬ 
tions,  presentation  and  writing  skills  —  and 
even  sharpening  their  technology  skills. 


“It’s  not  as  easy  as  it  looks,”  says  Rich  Ptak, 
a  founder  and  principal  analyst  with  Ptak, 
Noel  &  Associates.“I  hear  a  lot  of  folks  talk¬ 
ing  about  getting  off  the  corporate  tread¬ 


mill  and  relaxing  into  consulting  work,  but 
it  doesn’t  always  represent  a  steady  pay- 
check,  and  you  don’t  always  lose  that  boss 
you  wanted  to  escape.You  get  more  bosses 
—  your  clients.” 

For  some,  the  transition  represented  a  bit 
of  an  ego  check. 

“You  think  consultants  don’t  know  much 
when  you’re  in  IT.You  think  you  know  a  lot 
about  technology,  but  what  you  know  is  a 
lot  about  how  technology  is  deployed  in 
your  organization.  That  was  a  big  —  and 
very  rude  —  awakening  for  me,  and  it  took 
me  a  while  to  ramp  up, "says  Yankee  Group’s 
Kerravala.  “You  have  to  be  comfortable  giv¬ 
ing  up  the  hands-on  technical  edge  that 
you  once  had.” 

Others  say  that  while  they  miss  the  daily 
contact  with  technology,  becoming  an  ana¬ 
lyst  gives  them  the  opportunity  to  broaden 
their  knowledge  by  talking  to  many  end- 
user  organizations  about  their  large-scale 
implementations. 

“The  nice  thing  is  I  get  to  work  with  a  lot 
of  folks  that  are  working  with  a  lot  of  tech¬ 
nologies,  more  than  I  could  work  with  in  IT 
on  my  own,”  Gartner’s  Skorupa  says.  ■ 


jm 


knew  the  guy  selling  the  alumni 
their  tickets  to  basketball  games 
could  have  had  me  fired  on  a  dime  if 
his  systems  weren’t  working.”** 

Joe  Skorupa,  research  vice  president,  Gartner 


I  remember  trying  to  make  sense 
of  Gartner  or  Giga  reports  and  finding 
them  lacking  in  details  and  some¬ 
times  downright  inaccurate.  I  now 
know  how  it  is  done:  the  politics,  bud¬ 
gets  and  influence.”  ** 


Jean-Pierre  Garbani,  vice  president,  Forrester  Research 


.INFRASTRUCTURE  LOG 
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_DAY  44:  This  lack  of  productivity  is  out  of  control. 

What  we’re  using  isn’t  working.  Gil’s  had  enough. 

He  moved  everyone  into  one  cubicle.  A  “collaboration” 
cubicle.  We  need  a  better  idea. 


_DAY  46:  I’m  going  with  IBM  Lotus®  Notes®  and  Domino! 
It’s  more  than  e-mail;  it’s  an  open  platform  designed 
for  collaboration.  It  has  proven  security  features  and 
productivity  enhancers  like  document  sharing  and  custom 
app  development.  And  it’s  flexible  enough  to  integrate 
across  multiple  platforms,  including  J2EE™  and  Linux! 


_0K,  who  sat  on  my  lunch? 


ownload  the  Lotus  Notes  &  Domino  demo  at: 

IBM.COM/TAKEBACKCONTROL/COLLABORATION 


IBM,  the  IBM  logo,  Lotus,  Notes  and  Domino  are  registered  trademarks  or  trademarks  of  International  Business  Machines  Corporation  in  the  United  States,  other  countries  or  both.  Linux  is  a  registered  trademark  of  Linus  Torvalds  in  the 
United  States,  other  countries,  or  both.  Java  and  all  Java-based  trademarks  are  trademarks  of  Sun  Microsystems,  Inc.  in  the  United  States,  other  countries,  or  both.  ©Copyright  IBM  Corporation  2006.  All  rights  reserved. 
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Companies  tackle  telecom  expenses 

TEM  vendors  claim  they  can  save  you  money,  but  picking  the  right  company  is  challenging. 


BY  DENISE  PAPPALARDO 

Last  week  we  highlighted  five  telecom 
expense  management  vendors  to  watch. 
Here  are  five  more: 

ProfitLine 

Founded:  1992 

Headquarters:  San  Diego 

Leadership:  President  and  CEO  Stephen 
Hundley  joined  the  company  in  April  from 
Accenture,  where  he  most  recently  served 
as  executive  director  and  COO  for 
Procurement  Solutions.  Rick 
Valencia,  chairman  and 
chief  strategy  officer. 

What  it  sells:  BPO  services 
based  on  its  MyTelcoMan- 
ager  Web  platform  for  tele¬ 
com  life-cycle  management, 
from  choosing  a  carrier  to 
paying  bills. 

Differentiators:  ProfitLine  is  believed  to 
be  the  biggest  TEM  vendor.  .  . .  Boasts  an 
integrated  wireline  and  wireless  platform. 

What  others  say:  “One  of  the  problems 
with  the  bigger  professional  service  com¬ 
panies  is  many  are  suffering  from  serious 
merger  and  acquisition  integration  prob¬ 
lems,”  says  Lisa  Pierce,  a  vice  president  at 
Forrester  Research.  “ProfitLine  is  one  that 
does  not.”  “The  company  is  unique  among 
the  larger  outsourcing  TEM  firms  in  that  it 
owns  its  own  wireless  TEM  company?’ 
Pierce  says.  Gartner  concurs,  saying  Profit- 
Line  supports  both  platforms  “really  well.”  It 
also  says  ProfitLine  needs  to  improve  its 
business  intelligence  capabilities  and  says 
customers  are  asking  for  more  “investments 
in  professional  services.” 

Cost:  Uses  different  pricing  models  for 
wireline  and  wireless  telecom  engage¬ 
ments.  Wireline  customers  can  expect  to 
pay  about  2%  of  their  annual  telecom¬ 
munications  expenses.  Wireless  cus¬ 
tomers  can  anticipate  spending  $5  to  $15 
per  month,  per  device. 

Potential  savings:  A  “reasonably  conser¬ 
vative”  figure  is  3%  to  7%  savings  on  wire- 
line  TEM.  Optimizing  voice  and  data  net¬ 
works  from  sourcing  to  procurement  can 
result  in  15%  to  30%  cost  reductions,  the 
company  says. 

How  company  got  started:  Initially 
helped  other  firms  control  costs  for  all 
aspects  of  their  business.  With  so  many 
clients  looking  to  reduce  telecom  ex¬ 
penses,  ProfitLine  began  focusing  on  that 
exclusively  around  2002. 

Origin  of  company  name:  Vallencia’s  wife 
came  up  with  the  name  with  the  idea  of 
helping  to  create  more  profits. 

Customers:  U.S.  Postal  Service,  Delta 
Airlines. 

Funding:  Raised  $15  million  in  its  B  round 


of  venture  funding;  investors  include  Menlo 
Ventures  and  FTVentures. 

Quickcomm  Software  Solutions 

Founded: 1997 

Headquarters:  New  York  City 

Leadership:  Founded  by  CEO  Mark  Evans 
and  Head  of  Product  Development  Terry 
Healy  who  have  more  than  40  years  of 
experience  in  telecom  between  them. 

What  it  sells:  Telecom  Expense 
Management  Software  that  includes  auto¬ 
matic  reconciliation  of  tele¬ 
com  bills  down  to  line 
items,  reports  of  charges  not 
in  your  inventory  or  by  per¬ 
sonnel  no  longer  with  the 
company.  Allocates  ex¬ 
penses  to  cost  centers  and 
analyzes  usage  to  guide 
provisioning  and  optimize 
networks.  The  company  licenses  its  soft¬ 
ware  and  offers  it  as  a  service. 

Differentiators:  Works  with  200  carriers 
around  the  world  and  has  invoice  transla¬ 
tors  or  parsers  for  all. . . .  Guarantees  it  will 
keep  up  with  all  carrier  invoice  changes 
within  five  days.“We’ll  create  a  new  transla¬ 
tor  from  scratch  or  fix  a  change  in  an  exist¬ 
ing  one.  We  guarantee  that,  and  it’s  really 
critical,”  Evans  says.  Supports  wireline  and 
wireless  TEM. . . .  CSC  licenses  Quickcomm’s 
software  and  uses  it  as  the  basis  of  its  TEM 
practice,  Evans  says. 

What  others  say:  Multinationals  should 
consider  Quickcomm,  says  Eric  Goodness, 
vice  president  of  research  at  Gartner. 
“Quickcomm  was  born  in  Asia  Pac,”  work¬ 
ing  closely  with  Telstra,  BT  and  other  inter¬ 
national  carriers,  he  says.“This  gives  them  a 
little  bit  of  an  edge  in  terms  of  depth  of  rela¬ 
tionship  with  carriers,  and  that  counts.” 

Cost:  “We  want  to  charge  big  customers 
more  than  small  because  they  require 
more  support  and  more  translators,” 
Evans  says.  The  figure  is  based  on  a  per¬ 
centage  of  overall  telecom  spend.  Quick¬ 
comm’s  software-as-a-service  is  based  on 
a  monthly  subscription  fee  that  works  out 
to  be  0.5%  to  1%  of  a  customer’s  annual 
telecom  spend. 

Potential  savings:  Based  on  third-party 
consulting  firms,  Quickcomm  customers 
generally  can  expect  10%  cost  savings  in 
the  first  year. 

How  company  got  started:  In  Australia  in 
the  early  1990  Evans  says  he  was  inspired  to 
develop  software  that  would  help  clients 
reconcile  their  bills.  In  2003,  Quickcomm 
saw  its  first  American  customer  and  has 
been  moving  west  ever  since. 

Origin  of  company  name:  Was  one  of 
many  names  considered;  it  worked  out 
from  a  legal  standpoint. 


Customers:  Citigroup,  Kraft,  BP  Merrill 
Lynch  and  CSC. 

Funding:  Self  funded  with  the  exception 
of  one  entrepreneur  from  Australia  named 
Roger  Allen. 

Rivermine 

Founded:  2001 

Headquarters:  Fairfax, Va. 

Leadership:  CEO  and  President  Mark 
Logan  has  20  years  of  sales  and  manage¬ 
ment  experience  in  software;  previously 
served  as  vice  president  and  general  man¬ 
ager  of  FeopleSoft’s  CRM  business  unit. 

What  it  sells:  Inventory  Engine,  Service 
Order  Manager,  Finance  Manager  and 
Clarity  software,  which  makes  up  the  bulk 
of  its  business,  plus  software-as-a-service 
and  managed  outsourced  services. 

Differentiators:  The  fact  that  “our  roots  are 
around  software  delineates  us,”  says  John 
Shea,  vice  president  of  marketing. . . .  New 
Clarity  package,  which  provides  dash¬ 
boards  and  reporting  tools _ Has  created 

benchmarks  based  on  real  customer  data 
(keeping  customer  names  private) _ Sup¬ 

ports  wireline  and  wireless  TEM. . . .  Has  busi¬ 
ness  relationships  with  two  large  BPO  firms, 
including  Accenture. 

What  others  say:  “They  are  one  of  the 
strongest  players  in  terms  of  inventory  man¬ 
agement,  ordering  and  provisioning,”  says 
Gartner’s  Goodness.  He  says  the  company 
has  a  good  number  of  customers  in  the 
Fortune  500.  He  points  out  that  Rivermine  is 
not  a  good  fit  for  small  companies,  as  its 
platform  “is  harder  to  scale  from  a  price 
point  down  to  smaller  companies.”  Core 
invoice  auditing  is  the  company’s  biggest 
weakness,  Goodness  adds. 

Cost:  Typically  1%  to  3%  of  a  company’s 
annual  telecom  spend,  although  this  varies 
based  on  the  amount  of  money  a  company 
spends,  plus  managed  service  fees  for  those 
buying  more  than  software  licenses. 

Potential  savings:  Rivermine  runs  a  cus¬ 
tomer’s  information  against  its  database  of 
like  customers  to  give  a  feel  for  how  big  sav¬ 
ings  could  be.On  average, savings  fall  in  the 
7%  to  25%  range. 

How  company  got  started:  Originally 
called  Cicat  Networks,  then  changed  its 
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First  five 

If  you  missed  last  week's  list  of  the  first  five  tele¬ 
com  expense  management  companies  to  watch, 
check  out  the  entire  list  online. 

www.nwdocfinder.com/6335 


name  to  Telco  Exchange  before  becoming 
Rivermine  in  2001.  Cicat  was  a  value-added 
reseller  of  carrier  network  services  that  over 
time  focused  on  optimizing  and  automat¬ 
ing  carrier  services  —  expertise  that 
evolved  into  the  Rivermine  software. 

Origin  of  company  name:  Comes  from 
the  idea  of  how  information  flows  through 
an  organization,  like  a  river.  The  idea  of 
“how  powerful”  mining  that  information  is 
to  an  enterprise  makes  up  the  back  end  of 
the  company  name,  Shea  says. 

Customers:  Marriott,  Fidelity  Investments, 
IKON  Office  Solutions  and  Starbucks. 

Funding:  Investors  include  Valhalla 
Partners,  Columbia  Capital  and  Longworth 
Venture  Partners,  with  the  last  round  of 
funding  in  June  2005  totaling  $10  million. 

Symphony  Spend  Management  Solutions 

Founded: 2002 

Headquarters:  Palo  Alto,  Calif. 

Leadership:  President  Alan  Harlan  came 
on  board  in  2004  and  brings  20  years  of 
experience  in  IT  and  outsourcing. 

What  it  sells:  EMS  1 1  software  suite,  which 
includes  asset,  invoice  and  usage  manage¬ 
ment,  financial  allocation,  strategic  sourc¬ 
ing,  audit  and  recovery  and  reporting.  The 
company  licenses  its  software,  offers  it  as  a 
service  and  supports  full  outsourcing  (the 
business  is  split  roughly  along  those  lines). 

Differentiators:  “From  a  revenue  stand¬ 
point  we  are  in  the  top  five,”  Harlan  says.“We 
are  financially  strong  and  we  are  a  global 
company  which  is  a  major  differentiator 
when  selling  to  large  financial  institutions. 
None  of  our  competitors  are  profitable.”The 
company  has  a  global  presence  and  is  the 
exclusive  partner  for  Verizon  Business’ TEM 
offering.  Also  works  with  AT&T,  which 
Harlan  says  is  its  biggest  client. 

What  others  say:  “This  [Verizon]  partner¬ 
ship  will  bring  them  significant  deal  flow 
[and]  help  them  establish  new  capabilities 
going  forward, ’’says  Joe  Basili, research  direc¬ 
tor  at  Aberdeen  Group.  Symphony  has  large 
customers  beyond  the  carriers,  he  adds. 

Cost:  Depends  on  whether  a  customer  is 
a  TEM  newbie,  experienced  or  in  between. 

Potential  savings:  Customers  can  expect 
to  reduce  expenses  between  8%  and  13%, 
with  more-experienced  TEM  customers  on 
the  higher  end  of  that  range. 

How  company  got  started:  Through 
acquisitions.  Parent  company  Symphony 
Services  acquired  TEM  vendor  Telco  Re¬ 
search  in  2002.  In  2003  and  2004,  the  com¬ 
pany  bought  Teletron  and  Stonehouse, 
respectively. 

Origin  of  company  name:  Comes  from 
the  parent,  plus  the  fact  that  SSM  handles 
all  phases  of  TEM. 

See  Telecom,  page  36 
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high  Availability  & 
Reliability 


superior  Performance 

*  Up  to  1 40,000  L4  connections/sec 

*  Application  throughput  from  2  to  1 2  Gbps 

*  Wire-speed  Layer  2/3  forwarding 

*  Scalable  processor  performance 


SCALABILITY  & 
EXPANDABILITY 


Resilient  switching  and  routing  foundation 
'  Global  load  balancing  for  multi-site 
scalability  and  survivability 

•  Link  aggregation 

•  Rapid  and  stateful  session  failover 

•  RSTP,  VRRP  for  switch  and  router 
redundancy 

•  Redundant  power  supplies 

Security 

•  DoS  protection  up  to  4  million  SYN/sec 

•  Wire-speed  ACLs 

•  Application  rate  limiting 

•  Secure  device  management 

•  sFlow  traffic  monitoring 
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ServerIronGT  E-Series 

Rich  Features  Flexibility 

& 

Port  expansion  to: 

•  48  Gigabit  Ethernet 
•48  10/100  Mbps  Ethernet 

•  4  1 0-Gigabit  Ethernet 


1  Intelligent  content  switching  using 
URL,  HTTP,  XML,  cookies,  SSL 
ID  and  others 
■  IP  NAT 

1  RIPv2,  OSPF  routing 


MANAGEABILITY 

•  In-line,  one-ARM  and  Direct  Server 
Return  modes 

•  Web,  SNMP,  INM  and  Cisco-like  CLI 
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Uptime,  scalability,  performance 
and  security  are  the  watchwords 
for  your  network.The  Serverlron® 
application  switch  is  designed  for 
this  environment.  Its  advanced 
switch-based  architecture 
features  a  scalable  content 
switching  engine  with  hardware- 
based  DoS  protection  delivering 
the  industry’s  most  powerful 
and  secure  application 
switching  solution. 


PC  Appliances  Cannot  Match  the 
Power  and  Flexibility  of  the  Ssi  VS/J/b/J 

Serverirdn  pc  appliances 

PERFORMANCE  UPGRADEAB  ILITY 

X 

IN-SERVICE  PORT  EXPANDABILITY 

v' 

X 

1D-GE  SUPPORT,  >  1  □  GPBS  THROUGHPUT 

X 

HIGH-DENSITY  DIRECT  SERVER  FAN-OUT 

X 

HARDWARE-BASED  CONNECTION 

MANAGEMENT  AND  DOS  PROTECTION 

X 

WIRE-SPEED  L2/L3  FORWARDING  AND  ACLS 

>/ 

X 

The  Serverirdn 
Family  df  Products 
also  Includes: 


Serverirdn  450  and  850 


FOUNDRY 

NETWORKS 

The  Power  of  Performance™ 


SERVERlRDNXL 


Foundry  Networks,  Inc.  is  a  leading  provider  of  high-performance  Enterprise  and  Service  Provider  switching,  routing  and  Web  traffic  management  solutions 
including  Layer  2/3  LAN  switches.  Layer  3  Backbone  switches,  Layer  4-7  Web  switches,  wireless  LAN  and  access  points,  access  routers  and  Metro  routers. 

V _ _ _ - _ J 


For  more  information  please  call:  us/canada  1  SSS  TURBOLAN, 
INTERNATIONAL  +1  4-08.586.1700  OR  VISIT  OUR  WEBSITE  AT  WWW.FOUNDRYNET.COM/SIE  j 
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Living  in  the  post  e-mail  world 


TOLLY  ON  TECHNOLOGY 

Kevin  Tolly 


I  give  up.  After  almost  two 
decades  of  e-mail  being  my  quin¬ 
tessential  business  tool  for  man¬ 
aging  people,  projects  and 
processes,  1  have  to  admit  that  it 
no  longer  is  up  to  the  job.  It  is  time 
for  me  to  deal  with  the  fact  that 
we  are  living  in  a  post  e-mail 
world. 

With  the  exception  of  mobile 
messaging  —  please,  I  need  some 
e-mail  downtime  —  I’ve  tried  it  all. 
1  triaged  my  messages  using  fold¬ 
ers,  flags  and  follow-ups  to  keep 
things  organized.  1  jumped  on¬ 
board  to  use  the  Lookout  search 
engine  for  Outlook  before  Micro¬ 
soft  bought  the  company  I  try  to 
take  advantage  of  every  useful  fea¬ 
ture  available. 

But  I’m  convinced  that  you  just 
can’t  manage  via  e-mail  anymore. 

Perhaps  you  are  thinking:  “Tolly 
where  have  you  been?”  My  answer 
is  that  it’s  so  ingrained  to  use  e- 
mail  that  my  approach  to  manag¬ 
ing  more  projects  has  always 
been  to  use  more  email. 


I’m  sure  that  there  are  countless 
others  who  also  have  continued 
to  hammer  away  at  projects  with 
the  same  trusty  tool  —  email. 

The  new  tool?  Collaboration. 
OK,  it  isn’t  new,  but  for  me  at  least, 
its  time  has  come. 

Lotus  Notes  creator  Ray  Ozzie 
has  been  in  the  collaboration 
groove  since  he,  well,  created 
Groove  a  number  of  years  ago. 
Now  part  of  Microsoft,  this  virtual 
office  environment  lets  teams 
“share  files,  manage  meetings  and 
projects,  track  data  and  processes, 
and  get  work  done  as  if  you  were 
all  in  the  same  location.” 

Collaboration  systems  such  as 
Groove  enable  the  type  of  interac¬ 
tion  and  sharing  that  you  can’t  do 
when  your  tools  consist  of  just  an 
in-box  and  a  server  share.  And, 
because  you  probably  don’t  want 
outsiders  having  access  to  your 
server  shares,  you  often  find  your¬ 
self  limited  again  to  e-mail. 

Early  implementations  of 
Groove,  as  with  any  significant 
new  platform,  had  limitations  and 
bugs.  The  lack  of  broadband 
speeds  years  back  often  made  file 
synchronizing  impractical  be¬ 
cause  of  the  slow-motion  nature 
of  narrowband  connections. 

That  restriction  is  gone  and  it  is 
quick  enough  to  sync  up  even 
multimegabyte  files.  Over  time, 


mechanisms  for  keeping  shared 
data  in  sync  and  allowing  trans¬ 
missions  of  “updates  only”  have 
made  the  process  quicker  and 
more  reliable. 

Software-as-a-service  also  has 
emerged  as  a  viable  way  to  imple¬ 
ment  everything  from  CRM  to  col¬ 
laboration. Thus,  the  planning  and 
effort  needed  to  prototype  a  col¬ 
laboration  suite  has  disappeared. 

While  I  haven’t  investigated 
Microsoft’s  Live  Office,  one  would 
imagine  that  its  Collaboration 


offering  is  a  packaging  of  the 
Groove  technology  and  offers  a 
quick  way  to  explore  collabora¬ 
tion. 

Central  Desktop  (www.Central 
Desktop.com)  is  a  third-party  host¬ 
ed  collaboration  solution.  (The 
Tolly  Group  has  no  affiliation  or 
relationship  with  it.)  We’ve  worked 
with  it  and  found  it  to  have  all  the 
essential  features  we  need  for  vari¬ 
ous  collaborative  projects. 

It  has  workspace  templates  for 
common  types  of  projects  to  get 


going  in  minutes  but  also  lets 
users  customize  workspaces  to 
suit  individual  project  needs. 

E-mail  is  not  going  away,  but 
rather  than  running  your  project,  it 
is  much  better  suited  to  the  task  of 
notifying  you  of  updates  to  your 
collaborative,  groupware  project. 

Tolly  is  president  of  The  Tolly 
Group,  a  strategic  consulting  and 
independent  testing  company  in 
Boca  Raton,  Fla.  He  can  be 
reached  at  ktolly@tolly.com. 


NET  INSIDER 


Scott  Bradner 


Every  three  years  the  U.S.  Copy¬ 
right  Office  gets  a  chance  to  fix 
some  of  the  universe  of  bad  things 
about  the  Digital  Millennium 
Copyright  Act.  Just  like  the  last  two 
times,  the  Copyright  Office  has 
labored  mightily  and  birthed  a 
mouse  where  an  elephant  was 
needed.  Some  parts  of  this  mouse 


Telecom 

continued  from  page  34 

Customers:  LaQuinta  Hotels,  JP  Morgan  Chase, 
Morgan  StanleyTickets.com. 

Funding:  Comes  from  Symphony  Services,  which  is 
privately  held  and  funded  by  Symphony  Technology 
Group,  a  holding  company  and  TH  Lee  Putnam 
Ventures. 

Tangoe 

Founded:  2000 

Headquarters:  Orange,  Conn. 

Leadership:  CEO  and  President  Albert  Subbloie, 
who  has  been  in  the  telecom  industry  for  more 
tfian  20  years. 

What  it  sells:  Communications  Management 
Platform  (CMP)  software  that  lets  customers  moni¬ 
tor,  analyze,  manage  and  control  a  range  of  TEM 
processes  from  one  application.  Also  offers  software- 
as-a-service  and  BPO  services. 

Differentiators:  Tangoe  is  investing  $7  million  in 
research  and  development  this  year  and  Subbloie 
says  that  represents  two  to  three  times  more  than 
any  of  its  competitors....  Has  an  extensive  partner 
program  with  20  outsourcers  around  the  world.... 
Well  versed  in  dealing  with  international  service 
providers,  handling  100  to  200  bill  translators, 


according  to  Subbloie....  Uses  workflow  tools  and  a 
provisioning  model  to  help  companies  spot  leak¬ 
age,  which  is  paying  more  for  a  circuit  than  a  con¬ 
tract  dictates  or  paying  for  wireless  phones  for  ex¬ 
employees. 

What  others  say:  Gartner  says  the  company 
signed  the  largest  TEM  deal  of  2006,  with  a  finan¬ 
cial  services  company  that  spends  $250  million 
annually  on  telecom. 

Cost:  Ranges  depending  on  whether  the  customer 
opts  for  a  basic  or  simple  TEM  setup  and  how  much 
it  spends  annually  on  telecom.  For  a  company  that 
spends  $20  million  to  $30  million  per  year,  it  might 
need  to  pay  1  %  to  1 .5%  of  that  to  Tangoe.  Companies 
that  spend  less  than  $10  million  might  spend  a  little 
higher  percentage. 

Potential  savings:  Single  percentages  up  to  20%. 

How  company  got  started:  Subbloie  started  the 
company  six  years  ago  with  the  idea  of  offering  busi¬ 
nesses  tools  to  better  manage  their  telecom  inven¬ 
tory  and  expenses,  and  released  Version  1.0  of  CMP 
in  2002. 

Origin  of  company  name:  Represents  the  dance 
between  carriers  and  their  customers. 

Customers:  HRComcast.ADP  and  McKesson. 

Funding:  Just  raised  $8  million;  investors  include 
Edison  Ventures,  North  Atlantic  Capital  and 
Axiom. ■ 


Copyright  law: 
small  changes 


look  good,  but  you  have  to  be 
mostly  impressed  by  what  the 
Office  managed  not  to  do. 

I’ve  had  rather  nasty  things  to 
say  about  the  DMCA  (www.nw 
docfinder.com/6336,  /6337  and 
/6338)  in  the  past,  all  of  them  very 
well  deserved.  A  particular  prob¬ 
lem  with  the  DMCA  is  its  almost 
absolute  prohibition  of  circum¬ 
venting  technology  that  a  vendor 
can  claim  is  protecting  copyright¬ 
ed  material. The  prohibition  does 
not  take  into  account  any  mitigat¬ 
ing  factors. 

The  DMCA  does  provide  an 
escape  mechanism, though. Every 
three  years  the  U.S.  Copyright 
Office  takes  a  look  to  see  if  some 
particular  cases  can  be  exempt¬ 
ed  from  the  legal  prohibition. The 
Office  just  finished  its  latest 
review  and  has  added  a  few  more 
exemptions  to  the  very  short  list 
that  came  out  of  the  previous 
reviews. 

The  new  report  (www.nwdoc 
finder.com/6339)  exempts  six 
classes  of  copyrighted  works. 

•  Use  of  audiovisual  works  in  a 
college  or  university  in  making 
classroom  materials  if  done  by 
media  studies  or  film  professors. 

•  Archiving  computer  programs 
or  video  games  where  readers  are 
no  longer  available. 

•  Renewed  the  exemption  for 
the  use  of  dongle-protected  com¬ 
puter  programs  when  the  dongles 
are  no  longer  available. 

•  Renewed  the  exemption  for 
ebook  materials  that  block  the 
use  of  screen  readers  (for  exam¬ 
ple  for  the  blind). 


•  Firmware  in  cell  phones  for 
the  sole  purpose  of  switching  to  a 
new  carrier. 

•  Systems  like  the  Sony  rootkit 
to  research  the  problems  and 
correct  security  flaws. 

These  exceptions  are  all  very 
narrow  —  for  example,  limiting 
the  exception  for  the  educational 
use  of  audiovisual  material  to 
higher  ed  and  to  media  studies  or 
film  professors.  But  this  result  was 
quite  predictable. 

Why  not  just  rule  that  a  user  can 
circumvent  the  protection  on 
anything  that  he  owns  where  the 
vendor  is  no  longer  manufactur¬ 
ing  equipment  that  can  access  or 
enable  it  (as  long  as  it’s  for  the 
user’s  own  use)? 

But  I  do  not  expect  that  sort  of 
thing  out  of  the  Copyright  Office 
—  you  see,  that  would  be  a  “prin¬ 
ciple”  rather  than  a  narrow  excep¬ 
tion  and  I’m  not  sure  the  office 
understands  the  concept  of  prin¬ 
ciples. 

Some  of  these  exceptions  are 
quite  useful, even  though  they  are 
narrow,  but  at  this  rate  you  and  I 
will  be  dealing  with  the  DMCA 
blocking  good  technology  and 
good  security  until  long  after  we 
retire. 

Disclaimer:  I’m  sure  Harvard 
will  outlive  the  bad  effects  of  the 
DMCA  (I’m  not  sure  I  will),  but  I 
have  not  seen  any  university  com¬ 
ment  on  the  Copyright  Office 
(in)action. 

Bradner  is  Harvard  University's 
Technology  Security  Officer.  He  can 
be  reached  at  sob@sobco.com. 


Humana  Saw  the  Future  of  Healthcare. 

Citrix  Provided  Access. 


A  man’s  diabetes  is  not  well  controlled,  but  he  doesn’t  know  it  yet.  Yesterday’s  healthcare  system  would  have 
waited  for  him  to  call. 

Today,  as  a  member  of  Humana,  he  may  be  proactively  contacted  by  a  specially  trained  nurse  who  will  guide 
him  to  resources  that  will  help  him  better  understand  his  illness  and  improve  his  self-management  skills.  It’s 
called  the  Personal  Nurse®  Service — a  new  preventive  approach  to  healthcare  for  participating  Humana 
members*  powered  by  the  Citrix  Access  Platform. 

“Our  nurses  have  the  critical  information  they  need  at  their  fingertips  wherever  they  are,  thanks  to  Citrix 
software.  They’ve  already  helped  130,000  members  be  proactive  with  their  healthcare,  which  means  greater 
member  satisfaction.  ” 

BRUCE  J.  GOODMAN 

Senior  Vice  President, 
Chief  Service  and  Information  Officer 
Humana  Inc. 


Access  your  future  today  at 
citrix.com 


©2006  Citrix  Systems,  Inc.  All  rights  reserved.  Citrix®  is  a  trademark  of  Citrix  Systems, 
Inc.  and/or  one  or  more  of  its  subsidiaries,  and  may  be  registered  in  the  United  States 
Patent  and  Trademark  Office  and  in  other  countries.  All  other  trademarks  and  registered 
trademarks  are  the  property  of  their  respective  owners. 
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’Not  all  Humana  members  may  be  eligible  for  the  Personal  Nurse®  service.  This  service 
is  not  immediately  activated  upon  enrollment  in  a  Humana  plan. 
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VoIP  Performance  Management: 

From  edge  to  core,  nobody  can  manage  your  VoIP  performance 
in  a  converged  environment  like  Fluke  Networks 


Fluke  Networks'  VoIP  Performance  Management  approach  is  unparalleled  with  the  breadth  of  visibility 
and  depth  of  analysis  our  solutions  provide  including  executive  level  reporting  to  drill  down  analysis 
troubleshooting.  Our  solutions  enable  organizations  to  successfully  deploy  and  manage  VoIP  to  leverage 
its  benefits  without  negatively  impacting  data  performance  within  a  converged  network  by  maximizing 
visibility  throughout  the  enterprise. 

As  the  only  vendor  to  provide  edge-to-core  visibility  through  all  aspects  of  the  VoIP  lifecycle  from 
pre-assessment  to  ongoing  monitoring  and  management  to  planning  for  future  growth,  we  support 
the  management  of  VoIP,  data  applications  and  the  general  network  infrastructure.  This  is  critical  to 
enterprise  performance  management  as  voice  and  data  converge,  since  each  has  the  potential  to  impact 
the  other.  Having  network,  application,  and  VoIP-specific  analytics  allows  you  to  clearly  see  how  data 
traffic  is  affecting  call  quality,  and  how  VoIP  traffic  is  affecting  data  quality,  a  significant  advantage 
over  products  that  look  only  at  voice. 


VoIP  Performance  Management: 

Lifecycle  solutions  from  edge  to  core 

Having  a  strategic  plan  for  managing  VoIP  performance 
is  essential  to  success.  At  Fluke  Networks,  we've 
built  our  VoIP  solutions  to  give  network  managers 
edge-to-core  visibility  to  manage  the  entire  VoIP 
lifecycle  -  from  pre-deployment  assessment,  ongoing 
monitoring  and  management,  optimizing  and  planning 
for  future  growth.  Our  solutions  enable  you  to  measure 
infrastructure  effectiveness,  converge  voice  and  data, 
build  out  and  transition  new  networks,  and  quickly  zero 
in  on  application  performance  issues. 

We  call  this  approach  AMMO  -  Assess,  Monitor,  Manage 
and  Optimize  -  a  disciplined  set  of  best  practices  that 
leverage  the  benefits  of  high-performance  VoIP  in  a 
converged  network  and  maximize  the  value  of  the  entire 
infrastructure. 

Assess 

Is  your  infrastructure  prepared  to  deploy  and  support 
VoIP?  Without  a  complete  assessment  of  your  network 
infrastructure  from  LAN  and  WAN  to  desktops  and 
phones,  you  risk  major  performance  issues  -  both  with 
existing  applications  and  with  your  VoIP  rollout.  The 
steps  you  take  to  optimize  VoIP  in  this  first  phase  will 
lead  to  smoother  deployment,  higher  performance 
and  fewer  problems  throughout  the  entire  VoIP 
lifecycle.  Fluke  Network  VoIP  solutions  support  the 
pre-deployment  best  practices  needed  to: 

•  Assess  network  readiness. 

•  Observe  conversations  between  phone 
and  network. 

•  Verify  deployment. 

•  Establish  a  performance  baseline. 

Monitor 

Does  your  VoIP  call  quality  meet  your  goals?  Do  you 
have  the  network  visibility  to  address  VoIP  issues 
before  they  affect  end  users?  Once  you've  deployed 


VoIP,  monitoring  actual,  detailed  traffic  -  both  voice 
and  data  -  is  essential  to  isolating  and  managing 
performance  issues  proactively. 

The  key  to  proactive  monitoring  is  in  identifying 
potential  issues  before  performance  is  actually  degraded 
and  impacts  end  users.  Having  a  standing  monitoring 
solution  in  place  also  gives  you  a  complete  performance 
history,  so  you  can  quickly  identify  root  causes  and 
reduce  MTTR.  Ongoing  monitoring  can  be  conducted 
from  the  core,  individual  routers,  distributed  points  on 
the  network,  and  WAN  Links. 

Manage 

VoIP  problems  have  many  causes  -  from  physical 
problems  on  the  local  loop  to  an  over-utilized  port  to 
mis-configured  class  of  service  (CoS)  settings  or  high 
levels  of  jitter  within  the  voice  application  itself.  Fluke 
Networks'  broad  management  and  troubleshooting 
strategy  gives  you  visibility  from  the  edge  phone  to 
the  WAN  link,  between  remote  locations,  and  from 
the  core  across  the  vista  of  your  entire  network.  This 
is  criticaL  to  isolating  the  cause  of  degradation  and 
reducing  MTTR  when  seconds  and  minutes  saved  often 
go  straight  to  the  bottom  line. 

With  VoIP,  it  is  especially  important  to  find  and  resolve 
intermittent  problems  before  they  grow  and  impact 
more  users.  Our  solutions  enable  network  managers  to 
troubleshoot  issues  ranging  from  the  local  loop  to  the 
port  to  service  level  parameters  across  every  site. 

Optimize 

Making  the  most  of  VoIP  is  an  ongoing  process  that 
requires  capacity  planning  and  traffic  management, 
baselining  performance,  and  continuous  improvement. 
Ultimately,  it's  a  matter  of  visibility  and  control.  For 
an  IT  manager  with  a  converged  network,  edge-to- 
core  management  information  is  critical  to  making 
control  decisions  that  improve  performance.  Instead  of 
guessing  what  might  be  impacting  performance. 


Assess 


Manage 


granular  visibility  is  needed  to  help  make  informed 
decisions  such  as: 

•  Increasing  bandwidth  to  handle  additional 
usage  caused  by  VoIP. 

•  Leveraging  and  fine-tuning  CoS  capabilities  with 
an  MPLS  deployment. 

•  Improving  service  level  parameters  from  the 
service  provider. 

•  Shaping  traffic  so  the  most  business-critical  and 
delay-sensitive  applications  have  priority. 

•  Eliminating  recreational  applications  such  as  file 
sharing  and  streaming  media. 

•  Building  the  physical  infrastructure  to  meet  the 
new  demands  for  a  converged  network. 

Essential  edge-to-core  visibility: 

Only  from  Fluke  Networks 

Fluke  Networks  developed  our  VoIP  Performance 
Management  approach  as  part  of  our  Enterprise 
Performance  Management  philosophy,  which  brings 
together  partnerships,  products  and  best  practices  that 
lead  to  high-performance  networks  -  and  enterprises. 
We  are  committed  to  helping  enterprises  deliver 
superior  application,  voice,  and  infrastructure  service 
by  maximizing  network  visibility  and  information 
intelligence  through  monitoring  and  managing 
performance  across  the  LAN,  WAN,  and  multi-tier 
network  environments. 

For  a  closer  look  at  the  essentials  to  VoIP  success  and 
the  only  suite  of  products  that  support  the  converged 
network  with  edge-to-core  visibility,  just  visit  the  VoIP 
Performance  Management  Solution  Center  web  site 
at  www.flukenetworks.com/voip  -  or  call  customer 
service  at  1-800-283-5853. 

For  more  information 

To  learn  more  about  application  performance  management  solutions, 

visit  www.flukenetworks.com/APM 

F=LUKE 

networks. 
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TECHNOLOGY  UPDATE 

■  AN  INSIDE  LOOK  AT  TECHNOLOGIES  AND  STANDARDS 


Making  wide-area  file  services  secure 


HOW  IT  WORKS:  WAN  acceleration  for  Common  Internet 
Hie  System 

No  SMB  signing 

M 
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In-line  acceleration 


In-line  acceleration 


Vulnerable  to  man-in-the- 
middle  attacks  and  hijacking 

Spoofing-based  acceleration:  Digital  signatures  change  when  the  payload  is  not  restored  to  its  precise 
original  contents.  Requires  disabling  Server  Message  Block  (SMB)  signing  to  accelerate  GIFS  traffic. 


CIFS  proxy:  SMB  signing  operates  on  LAN  at  both  ends  of  the  connection.  Separate  security  provisions 
are  employed  across  the  WAN.  Allows  CIFS  traffic  to  be  both  accelerated  and  secured  transparently. 


BY  MARK  URBAN 

One  of  the  most  important  security  pro¬ 
visions  in  Microsoft’s  ubiquitous  Common 
Internet  File  System  is  Server  Message 
Block  signing. 

SMB  signing  is  a  form  of  packet  authenti¬ 
cation.  After  users  of  a  CIFS-based  applica¬ 
tion  are  authenticated,  SMB  signing  adds  a 
digital  signature  to  each  packet  transferred 
between  client  and  server.  The  signatures 
verify  that  the  identity  of  the  server 
matches  the  credentials  expected  by  the 
client,  and  vice  versa.  By  verifying  that  every 
packet  received  comes  from  an  authenti¬ 
cated  source,  the  signature  ensures  the 
integrity  of  all  communications. 

The  hashing  algorithm  used  to  create  the 
digital  signature  adds  noticeable  computa¬ 
tional  overhead  to  the  client  and  the  server. 
On  a  high-speed  LAN,  Microsoft  estimates 
this  overhead  to  be  10%  tol5%.  But  this 
layer  of  security  is  considered  unnecessary 
on  the  LAN,  and  to  maximize  throughput, 
many  organizations  disable  the  SMB  sign¬ 
ing  feature  of  CIFS.  Or  the  server  might  have 
SMB  signing  enabled  but  not  required, 
meaning  any  client  with  SMB  signing  dis¬ 
abled  can  still  communicate. 

The  situation  is  different  in  the  WAN, 
however,  where  traffic  is  vulnerable  to 
man-in-the-middle  attacks  and  hijacking. 
The  need  for  SMB  signing  with  wide-area 
file  services  (WAFS)  solutions  has  been 
heightened  recently  with  the  widespread 
availability  of  a  hacker  tool  called 
SmbRelay  that  automates  a  man-in-the- 
middle  attack  against  the  SMB  protocol. 

Signing  protects  against  SMB  session 
hijacking  and  other  tampering  by  prevent¬ 


ing  a  network  tap  from  interjecting  itself 
into  an  established  session.  SMB  signing 
should  therefore  be  considered  a  best 
practice  for  securing  WAFS-based  solu¬ 
tions  that  extend  CIFS  across  the  WAN. 

There  are  two  problems  that  the  enter¬ 
prise  often  encounters  with  WAFS  solu- 
tions.The  first  is  their  failure  to  require  (vs. 
merely  enable)  SMB  signing.  The  second 


problem  occurs  after  SMB  signing  is 
required,  and  session  failures  and/or  poor 
WAN  performance  ensue.  The  computa¬ 
tional  overhead  is  not  the  culprit  here. 
Rather,  the  problem  results  from  the  inabil¬ 
ity  of  some  WAFS  solutions  to  compress  or 
otherwise  accelerate  digitally  signed  traf¬ 
fic  in  a  fully  reversible  fashion. 

In-line  network-acceleration  products 


that  rely  purely  on  traffic-interception  tech¬ 
niques  to  implement  protocol  spoofing 
and  packet  compression,  for  example,  can 
interfere  with  SMB  signing  because  they 
don’t  restore  the  payload  to  its  precise  orig¬ 
inal  contents.  A  change  of  just  a  single  bit 
alters  the  result  of  the  hashing  algorithm 
that  computes  the  digital  signature. 
Accordingly  this  class  of  products  may 
force  organizations  to  make  a  trade-off 
between  WAN  security  and  performance. 

A  more  compatible  way  to  implement 
WAFS  for  CIFS  is  a  proxy  that  terminates 
the  CIFS  exchange  at  both  ends  of  the  con¬ 
nection.  The  proxy  handles  verification  of 
the  digital  signatures  at  the  source  in  the 
LAN,  transmits  the  packets  across  the  WAN, 
and  then  reestablishes  a  CIFS  session  with 
SMB  signing  at  the  destination.  Of  course, 
proxy-based  solutions  must  ensure  that 
packets  traversing  the  WAN  are  signed  or 
encrypted  —  or  both  —  to  preserve  the 
security  afforded  by  SMB  signing. 

The  proxy  approach  also  benefits  the 
enterprises  that  deploy  WAFS  appliances 
by  maintaining  compatibility  with  other 
CIFS  security  and  integrity  features.  These 
features  include  authentication  with  a 
challenge-response  handshake, share-level 
protection  and  distributed  file  locking, 
read/write  caching,  and  journaling  and 
recovery  provisions.  By  supporting 
Microsoft’s  CIFS  in  its  native  mode,  enter¬ 
prises  need  not  sacrifice  WAN  security  to 
improve  WAN  performance. 

Urban  (maurban@packeteer.com)  is 
director  of  product  marketing  at  Packeteer 
based  in  Cupertino,  Calif. 


Ask  Dn  Internet  By  Steve  Blass 


Are  there  any  free,  open  source  Secure  Shell 
and  Secure  File  Transfer  Protocol  clients  that 
provide  a  drag-and-drop  interface  for 
remote  file  transfer  and  have  a  license  that 
allows  commercial  use? 

The  Target  Management  subproject  of  the  Eclipse 
Device  Software  Development  Platform  project 
recently  released  a  product  called  the  Remote 
System  Explorer  that  supports  SSH  and  SFTP  file 
transfer.  Remote  System  Explorer  provides  a  tool  kit 


for  working  with  remote  computer  systems  and  files. 
Install  the  Eclipse  platform  run-time  binary  from 
www.nwdocfinder.com/6331  and  follow  the  instruc¬ 
tions  for  installing  the  Remote  System  Explorer 
found  at  www.nwdocfinder.com/6332.  Once  installed, 
Remote  System  Explorer  lets  you  connect  to  remote 
systems  using  SSH  and  displays  a  tree  view  show¬ 
ing  remote  and  local  folders  and  files  where  you  can 
drag  and  drop  —  or  cut  and  paste  —  files  between 
local  and  remote  systems.  In  addition,  you  can  open 
remote  files  for  editing  by  double-clicking  the  remote 


file  in  the  folder  view.  Using  the  save  command  on 
an  opened  remote  file  saves  the  file  back  to  the 
remote  system,  or  you  can  save  the  file  to  the  local 
system.  Remote  System  Explorer  is  more  than  an 
SSH  client,  but  the  SSH  file  browsing,  copying  and 
editing  capabilities  alone  make  the  package  worth 
taking  a  look  at  even  if  you  have  never  used  Eclipse 
before. 

Blass  is  an  IT  manager  in  Phoenix.  He  can  be 
reached  at  dr.internet@jschnee.com. 


mmm 
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Capsa  captures  and  cooks  net  comms 


GEARHEAD 


We  have  tested  products  from 
many  countries  but  today  we  have  a 
first:  a  Windows  network  packet- 
capture  and  protocol  analyzer  from 
China.  Capsa  Enterprise  is  made  by 
Colasoft  and  we  are  very  impressed! 
The  core  features  of  Capsa  Enter- 
INSIDE  THE  prise  provide  real-time  packet  cap- 
NETWORK  ture,  in-depth  protocol  analysis,  auto- 
MACHINE  matic  network-event  diagnosis  and 
reporting.  Beyond  looking  good, 
Mark  Gibbs  what  makes  this  product  stand  out  is 
the  depth  and  range  of  the  ways  it 
analyzes  captured  network  packets. 

Capsa  Enterprise  monitoring  sessions  are  set  up  as  proj¬ 
ects.  A  project  consists  of  the  adapters  to  be  monitored,  the 
filters  used  to  restrict  the  endpoints  and  protocols  that  are 
tracked,  the  diagnosis  analyzers  (routines  that  watch  for 
and  analyze  events  that  are  not  to  specification)  that  are  to 
be  applied,  and  other  options. 

You  can  specify  how  big  Capsa’s  buffer  should  be  and 
whether  the  buffer  is  used  as  a  circular  (ring)  buffer  or  a  lin¬ 
ear  buffer. The  linear  buffer  simply  stops  capturing  packets 
when  the  buffer  is  full,  keeps  the  buffer  and  analyzes  new 
packets  that  then  are  dropped, or  it  dumps  the  entire  buffer, 
keeping  the  stats  gathered  up  to  that  point,  and  starts  refill¬ 
ing  the  buffer. 

While  packet  capture  is  proceeding, you  can  examine  the 
data  from  multiple  viewpoints.The  user  interface  is  divided 


into  a  Project  Explorer  panel  on  the  left  and  a  reporting 
panel  on  the  right. 

In  the  Project  Explorer, you  can  select  the  entire  project  or 
a  project  subset  by  protocol,  by  physical  address  and  by  IP 
address.  Each  of  these  groups  is  broken  down  further.  For 
example,  the  protocol  group  has  Ethernet  II  and  Ethernet 
802.2  subgroups,  of  which  the  former  in  turn  has  IP  Address 
Resolution  Protocol  subgroups.  The  IP  subgroup  has  TCP 

Capsa  Enterprise  is  an 
enormous,  well-engineered, 
technical . . .  product. 

Internet  Group  Management  Protocol,  User  Datagram 
Protocol  and  Internet  Control  Messaging  Protocol  sub¬ 
groups  and  so  on. 

When  you  select  a  group,  a  subgroup  or  a  final  item  (a 
protocol,  a  physical  connection  or  an  IP  address),  the 
reporting  window  displays  the  related  data. You  select  the 
views  of  the  data  by  tabs. 

The  Summary  tab  shows,  for  example,  an  analysis  of  pack¬ 
et  sizes;  and  traffic  inflow  and  outflow  in  bytes,  packets,  uti¬ 
lization,  bits  per  second  and  packets  per  second. 

The  Diagnosis  tab  shows  notable  events,  which  are  classi¬ 
fied  as  notices,  information,  warnings  or  critical  events.  A 
summary  of  events  at  the  top  of  the  pane  is  divided  into 
sections  covering  all  events,  just  application  events,  just 


transport  events,  and  just  network  events  and  listing  each 
observed  type  of  event  and  the  total  times  it  was  seen. 

Clicking  on  an  event  section  or  specific  type  lists  all  ob¬ 
served  events  in  detail  in  a  tabbed  subpane  below  the  sum¬ 
mary  When  an  event  type  is  selected,  a  new  tab  appears  in 
this  subpane  and  shows  the  explanation  of  the  event. 

Double-clicking  on  an  event  will  bring  up  a  protocol- 
decoder  window  that  breaks  the  packets  down  to  bit  level. 

There  are  also  tabs  are  ones  for  analyzing  endpoints,  pro¬ 
tocols  and  conversations,  and  a  list  of  packets  and  logs. 

Capsa  Enterprise  also  includes  Packet  Builder,  which 
helps  you  create  custom  packets,  and  Packet  Player,  which 
transmits  packets.  There’s  also  a  Mac  scanner  and  a  ping 
tool.The  combination  of  Capsa  Enterprise  and  its  bundled 
tools  provides  just  about  all  the  tools  you  need  for  exercis¬ 
es  such  as  intrusion  testing  and  performance  analysis. 

Capsa  Enterprise  pricing  starts  at  $499  for  a  single-user 
license  without  maintenance  (www.nwdocfinder.com 
/6333).A  simpler  Professional  Edition  starts  at  $299  without 
maintenance.  It  supports  only  projects  with  one  Ethernet 
adapter  and  leaves  out  such  features  as  reporting  and 
graphing  (www.nwdocfinder.com/6334). 

Bottom  Line:  Capsa  Enterprise  is  an  enormous,  well- 
engineered,  technical  and  highly  professional  product  that 
provides  almost  everything  you  could  want  for  network 
and  protocol  analysis  and  reporting  at  a  reasonable  price. 

Tell  us  what  you  want  at  gearhead@gibbs.com  or  on 
Gibbsblog. 


GoolTools 


7  The  scoop:  Treo  680,  by  Palm  and  Cingular,  about  $200  (plus 

■ a  monthly  service  and  two-year  agreement) 

What  it  is:  The  latest  smart  phone  (converged  PDA  organizer  and 
cell  phone)  from  Palm  operates  on  the  Cingular  Enhanced  Data  for  Global 
Evolution  (EDGE)  wireless  network,  and  is  aimed  at  consumers  and  business 
users  who  have  feature-rich  cell  phones  but  not  smart  phones.  The  quad-band 
phone  lets  users  make  calls  from  six  continents  —  more  than  190  countries  — 
with  wireless  data  roaming  available  in  more  than  115  countries. 

Users  can  access  their  e-mail  through  Cingular’s  Xpress  Mail  application, 
Microsoft  Exchange  Active  Sync,  Good  Mobile  Messaging  from  Good  Technology, 
and  POP3  or  IMAP  accounts.  Other  features  include  a  1.3-megapixel  digital  cam- 
era-camcorder,  digital  music  player  (via  the  Pocket  Tunes  application),  and  support 
for  theTeleNav  GPS  Navigator  (with  the  use  of  a  separate  Bluetooth  GPS  receiver). 

The  device  runs  Version  5.4.9  of  Palm  OS  and  has  64MB  of  memory  for  user 
storage  and  320-by-320-pixel  resolution.  The  system  includes  Bluetooth  1.2  for 
hands-free  headset  connectivity  and  a  memory  card  slot  for  a  MultiMedia  Card, 
Secure  Digital  (SD)  or  SD  I/O  cards.  The  device’s  removable  and  rechargeable 
lithium-ion  battery  provides  as  much  as  four  hours  of  talk  time  and  as  much  as 
300  hours  in  standby  mode. 

Why  it’s  cool:  Cingular  customers  have  had  to  look  on  with  envy  while  Verizon 
and  Sprint  customers  use  devices  like  the  Treo  700p,  700w  or  700wx.The  Treo  680 
gives  them  the  latest  version  of  the  smart  phone  that  operates  on  Cingular’s  EDGE 
network. The  only  hardware  innovation  is  the  elimination  of  the  antenna  nub  at 
the  top  of  the  device  —  the  antenna  now  is  integrated  into  the  device,  making  the 
Treo  680  slightly  smaller  than  its  Treo  700  cousins. 

Some  caveats:  Because  the  device  connects  to  Cingular’s  EDGE  network  instead 
of  the  higher-speed  Evolution  Data  Optimized  network  from  Sprint  or  Verizon,  aver- 


Shaw  can  be  reached  at  kshaw@nww.com. 
New  Cool  Tools  Video  Show  every  Thursday, 
and  Twisted  Pair  Podcast  every  Friday  at 
www.  networkworld.  com. 


Cingular  plays  catch-up  with  its  Treo 
680  smart  phone. 


Quick  takes  on  high-tech  toys.  Keith  Shaw 


age  download  speeds  were  much 
lower  than  when  1  tested  the  700p 
or  700w  devices.  With  the  Treo  680, 

I  averaged  about  191Kbps,  much 
lower  than  the  820Kbps  I  got  with 
the  700p  on  Sprint’s  network  earlier 
this  year. The  Treo  680  may  appeal  to 
users  who  appreciate  the  lower 
price  and  don’t  mind  the  lower  data 
download  speeds.  For  example, 
users  who  want  just  to  download 
their  e-mails  and  do  some  basic  Web 
surfing  probably  won’t  notice  the 
lower  speeds.  If  they’re  looking  to  do 
multimedia  streaming,  they’ll  notice. 
Still,  this  is  an  upgrade  for  Cingular 
users  from  the  Treo  650,  which  could 
access  only  GSM  and  General  Packet 
Radio  Service  networks. 

Another  disappointment  is  that 
Cingular  offers  only  the  graphite  version 
—  if  you  want  to  get  the  Arctic,  copper 
or  crimson  versions,  you  have  to  buy  an 
unlocked  version  from  Palm  and  transfer 
your  Subscriber  Identity  Module  card. 

Grade:  ★★★  (out  of  five) 
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Experience  the  HP  BladeSystem  and  download  the  IDC  White 
Paper  "Enabling  Technologies  for  Power  &  Cooling." 


Click  www.YouAlwaysHadlt.com/cool4 

Call  1-866-625-4087 
Visit  your  local  reseller 
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Dual-core. 
Do  more. 
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*AOD  T36B  SCSI  soft  DISK  TO  CLIENTS  RAID  5  CONFIG 

*  UPGRADE  CRYPTO  LIBRARIES  ON  SEWERS  C-f 
WITHIN  THE  WW  LORD  BALANCING  CLUSTER 

-o  FOLLOW  UP  WITH  TOM  RE;  OB  CONTROL  PANEL  ERROR 

CALL  B06  RE!  MAIL  SERVER  MAY  NEED  AN  OP&MOE  f 

*  PERFORM  SECURITY  AUDIT  ON  SERVERS  X.YZ- 
DEUUEf?  FULL  REPORT  8Y  8PM 
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YOU'VE  ALWAYS  BEEN 
COOL  UNDER  PRESSURE 


The  HP  BladeSystem  c-Class  with  Thermal  Logic  Technology. 

Thanks  to  our  intuitive  Thermal  Logic  Technology,  now  you  can  assess 
your  power  usage  and  system  temperature  so  you  can  respond  quickly 
to  changing  needs.  The  graphical  thermal  dashboard  provides  you 
with  an  instant  snapshot  of  the  power  consumption,  heat  output  and 
cooling  capacity  of  your  environment  —  all  on  one  screen.  With  the  HP 
BladeSystem,  you'll  have  the  ability  to  lower  power  usage  and  heat 
without  sacrificing  performance. 

Simply  plug  in  the  HP  ProLiant  BL460c  server  blade,  featuring 
Dual-Core  Intel®  Xeon®  Processors,  and  you'll  get  the  performance  and 
versatility  you  need  to  support  32-  and  64-bit  computing  environments. 
Using  the  HP  BladeSystem  for  your  business  will  keep  the  control  exactly 
where  it  should  be  —  in  your  hands. 


Dual-Core  is  a  new  technology  designed  to  improve  performance  of  multithreaded  software  products  and  hardware-aware  multitasking  operating  systems  and  may  require  appropriate  operating  system  software  for  full  benefit,  check 
with  software  provider  to  determine  suitability;  not  all  customers  or  software  applications  will  necessarily  benefit  from  use  of  this  technology.  Requires  a  separately  purchased  64-bit  operating  system  and  64-bit  software  products  to  take 
advantage  of  the  64-bit  processing  capabilities  of  the  Dual-Core  Intel  Xeon  Processor.  Given  the  wide  range  of  software  applications  available,  performance  of  a  system  including  a  64-bit  operating  system  will  vary.  Intel's  numbering  is  noi 
a  measurement  of  higher  performance.  Intel,  the  Intel  Logo,  Xeon  and  Xeon  Inside  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  The  information  contained  herein 
is  subject  to  change  without  notice.  ©2006  Hewlett-Packard  Development  Company,  L.P. 
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Two  industry  experts  debate  the  effect  image  spam  has  on  networks. 


Is  image-based  spam  a  nightmare 
lacing  enterprise  networks? 


Yes 


I 


by  Patrick  Peterson, 

IronPort  Systems 

III  mage  is  everything,”  or  so  the  saying  goes.  For  more  than  1  trillion  spam  mes- 
”  sages  sent  since  April  (yes,  that’s  1 ,000,000,000,000),  image  has  literally  been 
everything.  No  text.no  numbers.no  hyperlinks  in  these  spams;  just  an  image. 
True,  there  are  commercial  solutions  to  combat  this  nightmare,  but  much  of  the  enter¬ 
prise  market  and  most  e-mail  users  worldwide  are  not  yet  protected  by  any  of  these 
solutions.  Some  vendors  believe  their  product  is  the  solution,  but  it’s  not  that  simple  — 
an  enterprise  needs  to  have  the  time  and  budget  to  implement  a  new  solution  to  stop 
the  nightmare.  And  most  users  in  small  businesses,  nonprofits  and  developing  nations 
have  neither  the  staff  nor  budget  for  an  enterprise-grade  solution. 

More  than  15  billion  image  spams  flood  the  Internet  per  day  a  tenfold  increase  since 
2005. The  average  image-spam  message  size  is  50KB,  which  is  10  times  larger  than  con¬ 
ventional  spam.  These  larger  message  sizes,  combined  with  the  increased  spam  vol¬ 
ume,  have  caused  many  fragile  e-mail  infrastructures  to  buckle  under  the  load. 

More  of  this  spam  is  evading  filters  for  two  reasons.  First,  image-spam  advertisements 
consist  of  an  embedded  file  attachment  such  as  a  .gif  or  .jpg  without  any  meaningful 
text  in  the  message.  Most  other  spam  includes  some  meaningful  text  and  a  clickable 
URL  that  spam  filters  can  detect.  Eliminating  many  of  the  common  techniques  used  to 
stop  spam  reduces  catch  rates  and  increases  the  amount  of  spam  arriving  in  the  in-box. 

Second,  recent  technological  advancements  by  spammers  have  increased  image 
spam’s  effectiveness.  The  primary  innovation  involves  randomizing  multiple  copies  of 
an  image  to  appear  the  same  to  the  human  viewer  but  totally  different  to  spam  filters. 
For  example,  spammers  are  sending  spam  with  an  attached  .gif  file  that  has  random 
visual  “dots”  inserted  in  the  image.  Image  colors,  the  width  and  pattern  of  the  border 
and  font  style  also  are  used  to  randomize  the  image.  In  all  of  these  cases,  the  image 
appears  the  same  to  the  user,  but  its  checksum  is  different.  More  spam  evading  filters 
results  in  more  spam  landing  in  in-boxes,  reducing  employee  productivity  and  increas¬ 
ing  IT  staff  workload. 

Image  spam  also  portends  more  dark  days  ahead  for  the  Internet:  Sophisticated  crim¬ 
inals  will  continue  to  launch  an  endless  stream  of  profitable,  damaging  attacks.  The 
image-spam  attacks  urging  recipients  to  buy  penny  stocks  have  made  the  spammer 
rich' Spammers  buy  the  shares  at  a  low  price  and“spamvertise”the  stock;  recipients  buy 
the  shares, driving  up  the  stock  price;  then  the  spammers  sell  their  orig¬ 
inal  shares  for  a  quick  profit.  These  criminals  are  capable  of  building 
sophisticated  imagine-randomizing  and  spam-sending  systems,  launch¬ 
ing  billions  of  spams  and  investing  their  own  capital  in  the  public, heav¬ 
ily  regulated  stock  markets.  Angry  users  and  e-mail  outages  are  mere 
collateral  damage  to  them.  When  this  scam  stops  working,  they  will 
move  on  to  the  next  one.  Those  who  ignore  what  image  spam  attacks 
bode  for  our  future  do  so  at  their  own  peril. 


No 


s 


Peterson  is  vice  president  of  technology  for  IronPort.  He  can  be  reached 
at  ppeterson@imnport.com. 
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Get  into  the  debate 

Log  on  to  Network  World  to  voice  your 
opinion.  Face-off  authors  Patrick 
Peterson  and  John  Veizades  will  add  their 
thoughts  to  the  discussion. 

www.nwdocfinder.com/6321 


by  John  Veizades, 

Mirapoint 

pam  is  a  continually  evolving  threat.  Randomized  image  spam  is  just  the  latest 
mutation  in  a  long  line  of  techniques  used  by  spammers  to  thwart  the  defenses 
put  in  place  by  the  antispam  community  What’s  different  about  image  spam  is 
that  most  traditional  antispam  techniques  have  failed  to  offer  an  effective  means  to 
thwart  it.  Consequently  the  volume  of  image  spam  has  increased.  Because  image-spam 
messages  tend  to  be  larger  than  traditional  spam,  more  network  and  disk  utilization 
must  be  devoted  to  them.  Understandably  this  is  an  alarming  turn  of  events,  but  there 
is  no  reason  to  be  overly  concerned  by  the  image-spam  threat  if  you  have  the  correct 
reactive  solution  in  place  at  the  edge  of  your  network. 

To  combat  image  spam  successfully  a  product  requires  three  capabilities.  First,  it  must 
block  unwanted  messages  as  soon  as  possible.The  blocking  system  must  use  IP  address- 
based  reputation  and  SMTP  behavior  to  decide  whom  to  block  and  whom  to  let 
through.  The  reputation  system  must  understand  how  a  particular  sending  IP  address 
behaves  in  a  global  context  and  adapt  in  real  time  to  changes  in  sending  behavior. Using 
these  connection-management  techniques,  as  much  as  80%  of  inbound  spam  can  be 
stopped  before  it  places  a  load  on  your  network  and  email  systems. 

Second,  the  product  must  identify  suspected  messages  as  spam.  Systems  that  rely  on 
lexical  analysis  of  messages  fall  short,  because  there  is  no  consistent  text  in  image 
based  spam.  Systems  that  rely  on  matching  similar  messages  throughout  a  collection 
system  also  fall  short,  because  no  two  image-spam  messages  are  identical.  In  addition, 
some  antispam  mechanisms  use  optical  character  recognition  techniques  to  try  to 
extract  text  from  image-spam  messages.  Unfortunately  the  overhead  and  accuracy 
required  renders  this  solution  ineffective  for  most  companies. To  be  effective,  an  anti¬ 
spam  solution  must  observe  the  behavior  of  message  senders  and  the  messages  they 
send  in  a  global  context,  identifying  patterns  of  behaviors  for  these  senders  and  sepa¬ 
rating  legitimate  senders  and  messages  from  spammers  and  spam. 

Finally  the  product  needs  controls  that  allow  users  to  select  what  they  believe  to  be 
legitimate  messages  and  those  that  are  spam.  No  solution,  however  sophisticated,  can 
stop  100%  of  spam  without  eventually  stopping  a  piece  of  legitimate  mail.  An  edge  e- 
mail  hygiene  solution  should  allow  users  to  manage  the  messages  that  have  been  iden¬ 
tified  as  potential  spam. 

Will  image  spam  be  around  for  the  long  term,  and  will  the  volume  of 
these  messages  increase  overtime?  Of  course  —  spammers  have  found 
an  effective  way  to  get  their  message  in  front  of  users,  and  the  gains  are 
substantial.  Fortunately,  there  are  solutions  that  can  provide  effective 
defenses  against  these  emerging  threats.The  challenge  is  not  for  the  e- 
mail  administrators,  but  for  the  email  hygiene  vendors;  we  must  con¬ 
tinue  to  innovate  and  perfect  our  products  so  that  we  are  always  one 
step  ahead  of  the  spammers. 


Veizades  is  Mirapoint  s  senior  product  line  manager  for  RazorGate.  He 
can  be  reached  at  jveizades+netw@mirapoint.com. 
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Do  you  know  what's  hiding  in  your 
encrypted  SSL  traffic? 

SSL  Web  encryption  is  indispensable  for  today's  businesses,  but  organizations  with  an 
open  port  443  (HTTPS  tunnel)  on  their  firewalls  are  left  with  a  major  security  hole  wide 
open  in  their  network.  Traditional  firewalls  and  gateway  anti-virus  solutions  can't  scan 
encrypted  traffic,  and  therefore  viruses  and  malware  could  be  getting  in,  and  confidential 
information  could  get  out.  These  tunnels  are  an  open  door  for  hackers  and  malicious 
content. 

The  Webwasher®  SSL  Scanner  from  Secure  Computing®  eliminates  this  blind  spot  in  your 
network. The  Webwasher  SSL  Scanner  temporarily  decrypts  all  inbound  and  outbound 
SSL  traffic  at  the  gateway  for  scanning  by  Secure's  industry  leading  proactive  security 
Anti-Malware  solution.  It  then  re-encrypts  the  content  and  directs  it  to  the  intended 

recipient. 


Webwasher  is  available  as  a  Gateway 
Appliance  or  as  a  software  application. 


URL  Filter 
Anti-Virus 

Anti-Spam 

Anti-Malware 

SSL  Scanner 

Content 
Reporter 

JT  IM  Filter 


To  learn  how  to  keep  your  networks  protected  and  secure,  read  our  white  paper 

Eliminate  your  SSL  Blind  Spot:  The  solution  to  managing — and  securing — HTTPS  traffic  at: 
http://www.securecomputing.com/goto/sslblindspot_ad 


SECURE’ 

COMPUTING 


Messaging  Gateway  Security 

-  CipherTrust  IronMail™ 

-  CipherTrust  Edge™ 

-  CipherTrust  IronIM™ 

-  CipherTrust  IronNet™ 

-  CipherTrust  Radar™ 


Web  Gateway  Security 

-Webwasher* 

-  SmartFilter* 


Network  Gateway  Security 

-  Sidewinder  GT 
-CyberGuard  TSP 

-  SnapGear™ 


Identity  &  Access  Management 

-  SafeWord  * 

-  SafeWord"  SecureWire’ 


©2006  Secure  Computing  Corporation.  All  rights  reserved. 
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Voice  over  IP  can  cut  costs,  but  it’s  the  innovative  converged  applications 
that  have  these  customers  raving  about  their  productivity  gains. 


WHEN  IT  COMES  TIME  TO  JUSTIFY  A  MOVE  TO  VOICE  OVER  IP  (VOIP),  cost  savings  no  longer  top 
the  list.  Instead,  today’s  users  say  it’s  a  new  crop  of  VOIP-enabled  applications  that  seal  the  deal. 

In  the  past,  companies  considering  VOIP  would  justify  the  move  based  on  reductions  in  long-distance  bills, 
saving  on  moves,  adds  and  changes,  and  easier  management  from  a  single  network  infrastructure.  Although 
those  benefits  are  still  important,  today’s  users  say  a  bigger  factor  is  applications  that  promise  unprecedented 
productivity  gains. 

“A  lot  of  companies  implement  voice  over  IP  to 
save  on  long-distance  calling  and  things  like  that," 
says  Fran  Lorion,  CIO  for  the  Visiting  Nurse 
Association  (VNA)  of  Boston  based  in 
Charlestown,  Mass.  “That  was  never  an  issue 
for  us." 

Instead,  the  VNA’s  new  Shoretel,  Inc.  VOIP  sys¬ 
tem  let  the  organization  dump  a  costly  Centrex  con¬ 
tract,  while  at  the  same  time  implement  a  new 
application  that  increases  productivity  and  allows 
staffers  to  provide  better,  more  personalized  patient 
care. 

“Before  the  VOIP  system  was  in  place,  it  would 
literally  take  5  or  1 0  minutes  to  handle  a  patient 
call,"  Lorion  says.  Receptionists  needed  to  answer 
the  call,  enter  the  patient's  name  into  the  computer 
system,  find  a  match  in  the  patient  database,  and 
go  back  to  the  caller  to  verify  the  ID.  Since  many  of 
the  VNA's  patients  speak  English  as  a  second  lan¬ 
guage,  the  process  tended  to  become  even  more 
complicated. 

The  new  VOIP  system,  however,  links  directly  with 
the  patient  database.  The  system  takes  each  call, 
links  up  the  caller  ID  information  with  the  corre¬ 
sponding  entry  in  the  patient  database,  and  delivers 
a  screen  of  patient  information  to  the  receptionist  - 
even  before  the  call  rings. 

That  screen  of  information  includes  the  nurses 
assigned  to  the  patient,  the  specific  nursing  team 
and  the  manager  of  that  team,  as  well  as  contact 
information  for  those  staffers. 

“Everything  that  patient  may  want  to  do  -  talk  to  a 
nurse,  a  manager  or  whatever  -  the  information’s  all 
available  right  on  this  screen,”  Lorion  explains.  “So 
now,  the  receptionist  can  answer  the  phone  call  by 
saying,  ‘Hi  Mary  Jones,  how  are  you  doing  today? 

What  can  we  do  for  you?'  And  the  time  it  takes  to 
handle  a  call  has  gone  from  [as  much  as]  1 0  min¬ 
utes  to  just  30  seconds  on  average.” 


•••••• 
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That’s  a  huge  productivity  boost  for  staffers  who 
handle  nearly  300  calls  per  day.  “The  receptionists 
love  it,”  Lorion  says.  “They  now  have  the  ability  to 
focus  where  they  really  want  to  focus,  which  is  on 
patient  care.” 


“The  time  it  takes  to  handle  a 
call  has  gone  from  [as  much 
as]  10  minutes  to  just  30  sec¬ 
onds  on  average,”  says  Frank 
Lorion  of  the  Visiting  Nurse 
Association  (VNA)  of  Boston  of 
his  new  VOIP  solution. “[Receptionists]  now  have 
the  ability  to  focus  where  they  really  want  to 
focus,  which  is  on  patient  care. 


Era  of  unified  communications 

Experts  say  the  VNA’s  experience  is  not  unique. 

As  more  organizations  move  to  VOIP,  new  produc¬ 
tivity  enhancing  applications  -  especially  those 
based  on  real-time  and  presence-based  capabilities 
-  are  becoming  increasingly  important. 

“We’re  moving  to  a  new  stage  of  unified  commu¬ 
nications  that  enable  business  processes  to  hap¬ 
pen  more  quickly  and  effectively.  It’s  about  connect¬ 
ing  people  with  people  -  no  matter  what  device 
they  use  or  where  they’re  located  -  vs.  just  picking 
up  a  phone,”  says  Elizabeth  Herrell,  vice  president 
at  Forrester  Research,  in  Cambridge,  Mass.  These 
new  applications  include  everything  from  VOIP- 
over-wireless  solutions  to  global  presence-based 
applications  that  ensure  users  reach  the  right  per¬ 


son  at  the  right  time  via  the  right  communications 
method.  “The  key  is  to  reach  people  in  real-time, 
and  that’s  what  VOIP  enables." 

According  to  Forrester,  more  organizations  are 
beginning  to  see  the  VOIP  light.  In  March 
2006,  Forrester  surveyed  714  decision-makers 
at  North  American  and  European  enterprises 
about  their  approach  to  IP  telephony  and  found 
that  45%  of  enterprises  surveyed  had 
deployed  or  were  currently  deploying  VOIP, 
while  another  30%  were  evaluating  or  piloting 
the  technology.  In  addition,  more  than  half  of 
enterprises  surveyed  said  they  planned  to 
increase  spending  on  VOIP  in  2006. 

These  numbers,  along  with  the  fact  that  two 
out  of  every  three  phones  shipped  in  North 
America  in  2007  will  be  IP  phones,  shows  that 
VOIP  is  no  longer  considered  a  new,  untried  tech¬ 
nology  and  that  organizations  are  ramping  up  imple¬ 
mentations  fairly  quickly,  Herrell  says.  “We  have 
gone  past  the  start-up  phase  to  full  user  adoption, 
and  we’re  beginning  to  see  these  new  applications 
as  a  result.” 

Boosting  productivity  with  presence 

Perhaps  the  most  important  feature  of  VOIP  in 
terms  of  productivity  applications  is  its  ability  to 
detect  presence.  With  many  solutions,  IP  phone 
users  can  make  known  their  availability  and  the  best 
method  to  reach  them  at  any  given  time.  As  calls 
come  in,  they  are  automatically  routed  via  the  best 
method  -  be  that  the  recipient’s  office  phone, 
home  phone,  PDA  or  cellphone. 

“That’s  been  a  big  benefit  here  at  Pepsi,"  says  Jim 
Bare,  IT  manager  at  Pepsi-Cola  Bottling  Co.  in 
Hickory,  N.C.  With  the  help  of  Vernon  Hills,  III.- 
based  systems  integrator  CDW,  Inc.,  Pepsi  imple¬ 
mented  an  Avaya  VOIP  network  to  link  up  its  four 


5  VOIP-enabled 
features  that  offer  true 
business  benefits 

Collaborative  communications  applications 
offer  benefits  including  faster  time-to-market, 
improved  customer  response  times,  and  individ¬ 
ual  employee  productivity  improvements.  Here 
are  five  key  features  to  look  for,  according  to 
Forrester  Research: 

•  Improved  user  interface.  Point-and-click 
interfaces  let  users,  from  the  desktop,  initiate  out¬ 
bound  telephone  calls  and  set  up  conference 
calls,  greatly  improving  productivity. 

•  Presence.  Employees  can  see  the  status  of 
a  coworker,  reducing  the  need  to  send  redundant 
messages  across  several  devices. 

•  Group  presence.  This  feature  facilitates 
meeting  scheduling  among  team  members  and 
allows  workers  to  schedule  impromptu  meetings 
as  needed. 

•  Unified  messaging.  Employees  get  one 
source  for  their  messages  and  do  not  need  to 
retrieve  the  same  message  from  voicemail,  IM, 
cell  phones  and  e-mail. 

•  Advanced  conferencing.  The  ability  to  nav¬ 
igate  easily  from  audio,  Web,  and  video  confer¬ 
encing  meetings  during  a  single  session  pro¬ 
motes  faster  problem  resolution  and  could 
reduce  travel  costs. 

SOURCE:  “How  to  justify  IP  communications 
costs,”  Feb.  28,  2006,  Forrester  Research, 
Cambridge,  Mass. 


-  niiimii  wmMii  umiii'i  i  i  ii  mi«  nwnmimi  

Assess,  monitor,  manage,  optimize:  Fluke  Networks  does  it  all 


s  organizations  deploy  voice  over  IP  (VOIP) 
on  their  data  networks  alongside  other  mis¬ 
sion-critical  applications,  they  quickly  find  that 
their  data-centric  management  tools  are  not  up  to  the 
task  of  assessing,  monitoring,  managing  and  optimiz¬ 
ing  VOIP  performance  from  end  to  end. 

Most  IP  management  tools  have  a  “silo"  mentality  in 
that  they  concentrate  solely  on  either  the  voice  side  or 
the  data  side,  or  on  only  one  area  of  a  converged  net¬ 
work  —  be  it  the  infrastructure,  the  LAN  or  the  WAN. 

Fluke  Networks  is  a  different  story.  With  its  recent 
Visual  Networks  acquisition,  Fluke  Networks  now 
offers  a  comprehensive  set  of  tools  aimed  at  ensuring 
success  through  every  stage  of  the  VOIP  lifecycle. 

A  CLEAR  ASSESSMENT 

Many  PBX  vendors  refuse  to  sell  equipment  to  users 
that  have  not  performed  a  proper  network  assessment 
to  ensure  that  the  infrastructure  can  support  VOIP 
along  with  mission-critical  data  applications. 

Fluke  Networks  offers  end  users  a  choice  of  tools  for 
the  job.  Its  VOIP  Planner  appliance  generates  synthet¬ 
ic  VOIP  calls  to  let  end  users  —  prior  to  deployment  — 


determine  how  the  network  will  perform  under  VOIP 
loads.  In  addition,  the  company  offers  granular  moni¬ 
toring  tools  that  ensure  the  network  has  adequate 
bandwidth  in  place  to  support  anticipated  VOIP  usage. 

MONITOR,  MANAGE,  OPTIMIZE 

Once  the  VOIP  network  is  up  and  running,  Fluke 
Networks  tools  enable  users  to  proactively  monitor 
and  track  service  quality  to  ensure  that  any  problems 
are  identified  and  repaired,  even  before  end  users 
notice  a  problem.  The  company’s  Visual  UpTime 
Select  monitors  both  the  data  and  voice  side  of  a  con¬ 
verged  network,  enabling  users  to  easily  see  —  on  one 
screen  —  not  only  how  voice  is  impacting  data  quality, 
but  how  spikes  in  data  application  usage  could  lead  to 
VOIP  service  degradation. 

Additional  Fluke  Networks  tools  let  users  quickly 
pinpoint  and  remediate  problems.  The  firm’s  NetTool 
Inline  Tester  uncovers  physical  layer  issues,  such  as 
faulty  VOIP  phones  or  connections,  its  Link  Analyzer 
and  Protocol  Expert  tools  handle  LAN  and  VLAN 
troubleshooting,  while  Visual  UpTime  Select  pinpoints 
WAN  problems.  The  tools  also  provide  a  historical 


view,  a  key  to  solving  intermittent  network  problems. 
With  Visual  UpTime  Select,  for  example,  users  can  drill 
down  into  the  actual  call  detail,  even  if  the  call 
occurred  weeks  ago. 

In  short,  Fluke  Networks  provides  all  the  necessary 
solutions  to  successfully  manage  the  complete  life- 
cycle  of  a  VOIP  implementation,  from  the  edge  to  the 
core.  Rather  than  making  the  costly  mistake  of  just 
throwing  bandwidth  at  a  problem,  the  Fluke  Networks 
toolset  enables  end  users  to  make  informed  decisions 
about  how  best  to  optimize  their  infrastructure  to 
ensure  top  quality  -  for  both  voice  and  data. 

FLUKE 

networks * 

•  •  •  •  • 

Learn  more  about  Fluke  Networks’  lineup 

of  VOIP  planning  and  management  tools. 

Visit  www.flukenetworks.com 


Nobody  can  manage  your  VoIP  Performance^^ 
converged  environment  tike  FLuke  Networks.®2 


Call  Oeta\b 


- 


Get  insight  into  your  network  in  48  hours. 
Register  at  www.flukenetworks.com/48hrs. 
Hurry,  this  offer  ends  March  30,  2007. 


Give  us  48  hours  to  do  a  free,  no  strings  attached, 
assessment  of  voice  and  data  performance  in  your 
converged  network  and  see  for  yourself. 

Ever  wonder  how  voice  and  data  traffic  are  coexisting 
in  your  infrastructure  and  how  one  may  be  affecting  the 
performance  of  the  other?  As  the  only  vendor  to  provide 
edge-to-core  visibility  of  VoIP,  data  applications  and 
the  general  network  infrastructure,  we'd  like  to  give  you 
insight  that  you've  never  seen  before  through  this  limited 
time  special  offer. 

Having  network,  application,  and  VoIP-specific 
analytics  allows  you  to  clearly  see  how  data  traffic  is 
affecting  call  quality,  and  how  VoIP  traffic  is  affecting 
data  quality,  a  significant  advantage  over  products  that 
look  only  at  voice.  This  is  critical  to  enterprise  perfor¬ 
mance  management  as  voice  and  data  converge,  since 
each  has  the  potential  to  impact  the  other  across  the 
LAN,  WAN,  and  multi-tier  network  environments. 
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ADVERTISEMENT 


sites  throughout  the  state.  As  part  of  the  rollout, 
Pepsi  put  in  a  state-of-the-art  Multi-Protocol  Label 
Switching  (MPLS)  network  that  ensures  each  call 
has  optimum  quality  of  service  and  reliability. 

“With  the  Avaya  system,  each  phone  operator  has 
what’s  like  a  command  and  control  center,”  Bare 
says.  “They  can  see  if  people  are  on  the  phone,  and 
they  can  see  the  best  way  to  reach  someone."  Pepsi 
strives  to  maintain  a  human  touch,  and  understands 
how  aggravating  automated  attendants  can  some¬ 
times  be.  “We  want  our  customers  to  talk  to  a 
human  when  they  call  during  normal  office  hours, 
and  that’s  what  the  VOIP  system  enables." 

Office  managers  at  the 
remote  locations  tell  me 
they  feel  like  they’re  clos¬ 
er  to  the  corporate  office 
now  because  they  can  just 
pick  up  the  phone,  dial  a 
4-digit  extension  and  reach  someone,”  says  Jim 
Bare  of  Pepsi-Cola  Bottling  Co.  “Everyone  now 
feels  like  they’re  more  a  part  of  the  team. 

In  addition  to  boosting  sales  by  streamlining  the 
handling  of  outside  calls,  Pepsi’s  new  VOIP  net¬ 
work  also  increases  productivity  for  staffers  internal¬ 
ly.  Prior  to  the  move,  each  site  needed  to  dial  an 
intra-state  long-distance  call  to  reach  the  Hickory 
headquarters  or  another  remote  office.  With  VOIP 
and  the  MPLS  network,  staffers  need  only  dial  a  4- 
digit  extension.  All  internal  calls  ride  over  the  IP  net- 


Beware  hidden  VOIP  costs 


Organizations  need  to  keep  an  eye  on  these 
often-overlooked  expenses  when  cost-justifying  a 
move  to  VOIP. 

•  Hardware  costs  beyond  the  network 
upgrade.  Data  network  upgrades  required  for  IP 
telephony  are  dependent  on  the  choice  of  a  vendor 
and  its  network  requirements.  Many  include  gear 
such  as  gatekeepers,  to  address  translations 
across  the  LAN,  and  media  gateways,  to  support  IP 
station  equipment  and  trunks.  Additionally,  routers 
and  older  switches  often  need  replacement  to  sup¬ 
port  voice  traffic.  In  many  cases,  the  cost  to 
upgrade  the  data  network  is  twice  the  cost  of  the 
VOIP  solution. 

•  Professional  services.  Implementation  of  IP 
communications  includes  initial  system  design  to 
post-cutover  support.  Outside  expertise  is  often 
needed  and  costs  for  these  services  may  be  one  to 
two  times  the  equipment  replacement  costs. 

•  Monitoring  tools.  Voice  traffic  requires  qual- 
ity-of-service  (QoS)  software  to  prioritize  voice 


traffic  and  prevent  latency  and  disruption.  Vendors 
also  recommend  VLANs  to  separate  voice  and 
data  traffic.  Good  monitoring  tools,  as  well  as  call 
monitoring  and  accounting  software,  may  also  be 
needed  to  provide  information  on  the  current  net¬ 
work  operations. 

•  Cabling  upgrades.  In  older  facilities,  where 
existing  cabling  is  not  CAT  5  or  higher,  new  cable 
runs  are  necessary  to  support  converged  voice  and 
data.  In  older  facilities,  cable  replacement  is  often  a 
major  undertaking. 

•  Additional  power  sources.  IP  requires  addi¬ 
tional  sources  of  power  to  support  desktop  and 
LAN  equipment,  perhaps  including  in-line  power  or 
external  adapters.  Additionally,  customers  can  incur 
new  expenses  from  ventilation,  air  conditioning 
(HVAC),  insurance  and  floor  space. 

SOURCE:  “How  to  justify  IP  communications 
costs,”  Feb.  28,  2006,  Forrester  Research, 
Cambridge,  Mass. 


work,  saving  not  only  time,  but  the  cost  of  those 
intra-state  calls. 

“In  North  Carolina,  intra-state  long-distance  calls 
are  pretty  expensive,"  says  Rich  Korn,  senior  voice 
and  data  group  specialist  at  CDW.  “Now  Pepsi  can 
make  all  of  those  calls  at  no  charge.  It’s  a  big 
change.” 

But  cost  savings  isn’t  the  primary  benefit,  Bare 
says.  “Office  managers  at  remote  locations  tell  me 
they  feel  like  they're  closer  to  the  corporate  office 


now  because  they  can  just  pick  up  the  phone,  dial 
a  4-digit  extension  and  reach  someone,”  Bare  says. 
“I  didn’t  expect  that  out  of  this,  but  everyone  now 
feels  like  they're  more  a  part  of  the  team.  That’s  a 
good  thing  for  the  company  overall." 

Other  organizations  making  strong  use  of  VOIP's 
presence-based  features  are  finding  those  benefits 
even  more  critical  when  used  in  a  global  scenario. 
America-Mideast  Educational  and  Training  Services 
Inc.  (AMIDEAST)  is  a  private,  nonprofit  organization 


Siemens  HiPath  8000:  The  future  of  IP  convergence  today 


ost  voice-over-IP  (VOIP)  solutions  today  fail 
to  deliver  on  the  original  promise  of  conver¬ 
gence.  Rather  than  fostering  open  communications 
across  a  variety  of  IP  networks,  users  end  up  with 
proprietary  systems  that  tie  them  to  a  single  ven¬ 
dor's  product  suite. 

The  Siemens  HiPath  8000,  however,  is  a 
truly  open  IP  communications  system.  A 
server-based  softswitch  with  native  Session 
Initiation  Protocol  (SIP)  support,  the  HiPath 
8000  can  run  on  any  hardware,  with  any  gateway 
or  network  device,  and  on  any  IP  network.  A 
software-only  solution,  it  enables  end  user 
customers  and  service  providers  to  deploy  and 
manage  communications  from  a  single  data 
center  for  up  to  100,000  users  per  system. 
Additionally,  a  version  for  small  and  midsize 
businesses  is  due  out  in  mid-2007,  designed  to  sup¬ 
port  as  few  as  300  users. 

The  HiPath  8000  is  designed  to  run  on  highly 
reliable,  fault-tolerant  industry-standard  servers 
and  includes  hardware  error  management  features 


that  enable  it  to  far  exceed  the  reliability  delivered 
by  today’s  enterprise  IP  PBX  solutions. 

“The  HiPath  8000  really  delivers  on  the  promise  of 
convergence,”  says  Mark  Straton,  senior  vice  presi¬ 
dent  of  global  product  marketing  at  Siemens 
Enterprise  Communications.  “Its  native  SIP  support 
ensures  that  it  can  handle  an  enterprise's  communi¬ 
cations  needs  today  while  positioning  them  solidly  for 
the  future.” 

Today,  for  example,  customers  can  use  Siemens 
OpenScape,  an  open,  presence-aware,  real-time 
communications  software  suite,  to  quickly  connect 
people  and  information  from  any  location.  As  carriers 
and  others  roll  out  more  native  SIP  support,  pres¬ 
ence-aware  application  options  will  multiply  for 
HiPath  8000  users. 

AN  ELEGANT  MIGRATION  PATH 

The  HiPath  8000  also  ends  the  rip  and  replace 
mentality  that  is  the  hallmark  of  traditional  telepho¬ 
ny  upgrades.  It  allows  organizations  to  move  to  the 
new  communications  paradigm  one  software 


license  at  a  time,  gradually  bringing  new  users  and 
locations  on  board  while  their  traditional  systems 
remain  in  use. 

And  because  of  its  revolutionary  architecture,  the 
HiPath  8000  offers  enterprises  a  far  more  attrac¬ 
tive  total  cost  of  ownership  scenario.  A  study  con¬ 
ducted  by  an  independent  solution  provider  with 
extensive  experience  in  selling  and  installing  VOIP 
systems  manufactured  by  today’s  industry  leaders 
found  that  of  all  the  alternatives  studied  -  tradition¬ 
al  PBX,  IP  PBX,  managed  IP  PBX  and  the 
HiPath  8000  -  the  Siemens  HiPath  8000  garnered 
the  best  overall  TOO  and  lowest  operational 
costs  of  any  alternative,  with  most  users  realizing 
1 5%  to  25%  savings. 

SIEMENS 

Learn  more  about  the  HiPath  8000.  Visit 

http://enterprise.siemens.com/open/us 


■■■■■■■■■■■■■■■■Hi 


Bada  Bing. 

When  you  deploy  unified  communications  across  your  entire  enterprise, 
everyone  wins.  Faster  decisions.  Increased  efficiency.  A  better  bottom 
line.  And  a  simple  path  from  here  to  there  that  sustains  the  value  of  your 
technology  investments.  How?  Only  Siemens  delivers  award-winning 
unified  communications  using  an  open  approach.  So  you  can  dramatically 
accelerate  your  business  while  leveraging  existing  technology  investments. 
Open  Communications  from  Siemens.  Get  ready  to  profit. 


Communication  for  the  open  minded 
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that  works  to  establish  mutual  understanding  and 
cooperation  between  U.S.  residents  and  those  of 
the  Middle  East  and  North  Africa. 

Because  AM iD EAST’S  sites  are  located  through¬ 
out  the  world,  in  different  time  zones,  and  in  many 
cases,  open  for  business  on  different  working  days, 
staffers  were  finding  it  difficult  to  reach  each  other, 
schedule  conference  calls  and  perform  other  tasks 
that  required  input  from  its  global  work  force. 

Plus,  the  high  cost  of  international  calling  was  a 
burden  to  the  organization.  “Most  of  the  time,  peo¬ 
ple  avoided  making  international  calls  entirely 
because  of  the  cost,”  which  ranged  anywhere  from 
$4  to  $9  a  minute,  says  Ugur  Usumi,  director  of  IT 
at  AMIDEAST.  “When  people  did  try  to  call  each 
other,  because  of  the  time  zone  differences  they 
often  wasted  time  and  money  in  failed  attempts  to 
contact  team  members  overseas." 

The  organization  implemented  a  VOIP  system 
based  on  the  Siemens  HiPath  8000,  a  server- 
based  IP  communications  solution,  along  with 
Siemens’  OpenScape  real-time  communications 
and  collaboration  software  suite,  and  saw  immedi¬ 
ate  results. 

Since  OpenScape  is  integrated  with  Microsoft 
Live  Communications  Server,  it  extends  presence- 
based  communications  to  video,  instant  messaging 
and  e-mail,  as  well  as  voice.  With  the  new  system  in 
place,  employees  no  longer  waste  time  and  money 
playing  long-distance  phone  tag,  Usumi  says,  which 
has  reduced  the  monthly  long-distance  bills  by 
about  $1 ,000. 

“It’s  easier  to  get  hold  of  each  other  because  of 
features  like  preferred  device,”  Usumi  says.  “No 
matter  where  someone  is,  if  you’re  trying  to  reach 
him  you  just  click  on  the  person’s  name  and  it  will 
find  him  on  the  preferred  device.”  That  means  users 
are  more  easily  accessible,  even  when  traveling, 


NEC  Unified:  Giving 

Small  and  midsize  businesses  (SMB)  stand  to  reap 
meaningful  gains  from  moving  to  voice  over  IP 
(VOIP).  From  the  reduced  costs  inherent  in  using  a 
single  network  for  both  voice  and  data,  to  the  ability  to 
cost-effectively  support  business-critical  applications, 
such  as  state-of-the-art  call  center  and  communica¬ 
tions  applications,  VOIP  offers  SMBs  large  company 
benefits  at  affordable  prices. 

Making  the  transition  to  VOIP  can  be  a  complex 
endeavor,  however,  and  small  business  owners  rarely 
have  the  time  to  become  convergence  experts.  That  is 
where  NEC  Unified  can  help. 

NEC  Unified  has  extensive  experience  in  designing, 
installing  and  implementing  enterprise  communica¬ 
tions  systems  around  the  world,  and  it  can  proactively 
support  small  businesses  as  they  determine  the  best 
use  of  VOIP  in  their  organizations.  For  those  not  ready 
to  take  the  plunge  into  a  pure-IP  environment,  NEC’s 
VOIP  products  make  possible  hybrid  solutions  with 
1 00%  investment  protection. 

NEC  provides  a  full  range  of  products  and  services 
I  to  ensure  IP  success.  These  include: 


and  employees  no  longer  have  to  keep  track  of  mul¬ 
tiple  phone  numbers  for  the  same  individual. 

Emergency  presence 

While  productivity  increases  and  improved  staffer 
communications  are  great  benefits,  for  some  orga¬ 
nizations  presence  capabilities  are  even  more 
important  -  literally  a  matter  of  life  and  death. 

St.  Petersburg  College  in  St.  Petersburg,  Fla., 
implemented  a  VOIP  network  from  NEC  Unified,  Inc. 
throughout  its  campus  on  the  West  Coast  of  Florida. 
The  college  originally  based  the  network  on  hybrid 
IP/TDM  PBXs  placed  throughout  campus,  but  is 
now  planning  a  move  to  NEC’s  second-generation 
VOIP,  consisting  of  the  NEC  Univerge7000  server¬ 
centric  IP  communications  platform  integrated  with 
Cisco’s  Call  Manager  unified  management  solution. 
As  part  of  the  move,  the  college  integrated  its  cam¬ 
pus-based  E91 1  system  with  the  VOIP  network. 

"We  have  a  multi-campus  college,  and  each  cam¬ 
pus  has  multiple  buildings,”  explains  Conferlete 
Carney,  vice  president  of  information  systems,  busi¬ 
ness  services,  budgets  and  planning  at  the  school. 

“If  you  have  an  emergency  in  one  building  and  you 
dial  911,  the  city’s  91 1  center  can’t  pinpoint  your 
exact  location.  They  just  know  it’s  at  the  college." 

With  the  VOIP  system  integration,  however,  if  a 
student  or  faculty  member  dials  91 1 ,  not  only  is  the 
exact  building  and  even  classroom  location  informa¬ 
tion  passed  along  with  the  call,  but  campus  security 
is  immediately  conferenced  into  the  same  call  as  it 
goes  out  to  the  city’s  91 1  staff. 

"So  if  91 1  dispatches  either  fire,  police  or  whatev¬ 
er  emergency  services  are  required  by  the  situation, 
they  will  know  exactly  where  to  go  on  a  campus, 
and  our  campus  security  can  be  ready  to  assist,”  he 
says.  “In  an  emergency  situation,  those  saved  sec¬ 
onds  become  very  important." 

SMBs  the  VOIP  edge 

•  IP  telephony  solutions.  NEC’s  Univerge 
SV7000  Multiple-Purpose  System  (MPS)  is  a  pure-IP 
PBX  designed  specifically  for  companies  with  50  to 
500  VOIP  users.  In  addition  to  delivering  standard 
telephony  features,  the  Univerge  SV7000  MPS  pro¬ 
vides  the  ability  to  support  converged  architecture 
applications,  such  as  unified  communications,  pres¬ 
ence,  collaboration  and  soft  phones. 

•  Professional  services.  NEC  helps  mitigate  the 
operational  issues  surrounding  VOIP  by  offering  not 
only  onsite  maintenance,  but  network  design  and 
implementation,  proactive  performance  management 
and  fault  resolution,  multi-application  support  and  a 
24x7  help  desk  —  all  through  a  single  point  of  contact. 

•  IP  assessments.  To  help  SMBs  get  the  optimal 
value  from  a  VOIP  deployment,  NEC  Unified  offers 
several  pre-deployment  assessment  services,  from  a 
simple,  inexpensive  pass/fail  assessment  called  IP 
Redicheck  to  a  full-blown  IP  telephony  assessment 
that  identifies  specific  problems  and  makes  recom¬ 
mendations  for  resolution. 

•  Managed  services.  NEC  Unified  also  offers 


Carney  is  also  impressed  with  the  disaster  recov¬ 
ery  capabilities  inherent  in  a  strong  VOIP  infrastruc¬ 
ture.  The  school  has  set  up  a  disaster  recovery  site 
at  a  sister  school  about  two  hours’  drive  away  from 
St.  Petersburg.  As  part  of  the  VOIP  rollout,  Carney 
linked  the  sister  school  directly  to  the  St. 

Petersburg  network  via  a  private  T-1 .  Now,  when 
staffers  need  to  relocate  to  the  disaster  recovery 
site,  establishing  communications  is  as  simple  as 
carrying  a  phone  to  the  site  and  plugging  it  in. 

“So  36  hours  before  a  storm  hits  our  area,  we 
activate  our  disaster  recovery  plan,”  Carney  says. 
The  technical  team  packs  up  their  phones  and 
drives  to  the  disaster  recovery  site.  Once  they 
arrive,  they  simply  plug  in  the  phones  and  have  all 
the  same  features  and  functions  as  if  they  were  in 
the  home  office. 

Carney  says  that  application  alone  was  worth  the 
move  to  VOIP  for  him  and  his  team.  “After  five  years 
of  working  on  and  considering  VOIP,  that  was  the 
application  that  just  jumped  out  at  me,"  he  says.  “I 
pick  up  the  phone,  dial  a  3-digit  number  and  I  get 
my  tech  person  who’s  two  hours  away  at  a  different 
college  campus.  No  administrative  system  updates 
are  required  -  the  system  does  it  all  behind  the 
scenes.  And  the  voice  quality  is  crystal  clear.  It’s 
pretty  amazing.” 

The  wireless  factor 

Beyond  presence,  another  application  touted  by 
today’s  VOIP  users  is  the  ability  to  bring  wireless 
devices  into  the  IP  communications  scenario,  at 
times  even  enabling  critical  voice  services  to  ride 
over  a  wireless  IP  network. 

One  such  user  is  the  University  of  New  Mexico  in 
Albuquerque,  N.M.  The  university,  which  includes  a 
medical  school  and  hospital,  decided  to  replace  its 
aging  NEC  TDM-based  phone  system  with  a  new 


NEC  Secure,  a  complete  managed  services  suite  for 
both  the  enterprise  and  SMB  markets.  The  NEC 
Secure  family  includes  solutions  for  e-mail  protection, 
on-site  engineering  assistance,  as  well  as  24x7 
remote  monitoring  and  threat  assessment 

“The  versatility  of  NEC  Unified  Solutions’  products 
and  services  enable  SMBs  to  incorporate  advanced 
communications  solutions  to  drive  productivity  and  col¬ 
laboration,  while  lowering  costs,”  says  Paul  Lopez,  gen¬ 
eral  manager  of  marketing  for  NEC  Unified  Solutions. 
“This  versatility,  coupled  with  NEC  Unified's  strategy  to 
offer  SMB  customers  the  freedom  to  adopt  VOIP, 
whenever  and  where  ever  they  need  it,  ensures  that 
SMBs  can  proactively  meet  their  ever-changing  com¬ 
munications  demands.” 

Learn  more  about  NEC’s  VOIP  solutions. 

Visit  NEC  Unified  at  www.necunified.com 
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NEC  hybrid  PBX  that  enables  it  to  provide  VOIP 
communications  where  necessary,  while  leaving 
some  areas  of  the  school  served  by  traditional  TDM 
voice  service. 

“We  decided  to  go  with  the  hybrid  model  because 
we  could  move  toward  IP  as  we  saw  applications 
for  it  that  were  enough  of  a  cost  or  productivity 
benefit  or  served  some  other  special  need,”  says 
Paula  Loendorf,  director  of  information  technology 
services  at  the  university.  “It  allows  us  to  move 
gradually.” 

One  of  the  applications  that  immediately 
came  to  mind,  however,  was  wireless  VOiP 
communications  for  the  staffers  within  the 
university’s  hospital.  Currently,  doctors  and 
nurses  in  the  hospital’s  emergency  room 
and  operating  rooms  use  wireless  analog 
phones  to  communicate.  The  school  is 
building  a  new  hospital  wing,  however, 
which  will  have  wireless  LAN  with  VOIP 
capabilities. 

Loendorf  says  that  in  January,  the  hospital  will 
pilot  new  NEC/Spectralink  Corp.  phones  in  the 
medical  intensive  care  unit  (ICU).  The  key  selling 
factor  is  the  VOIP  phone’s  ability  to  support  text 
messaging  and  push-to-talk  walkie-talkie  capabili¬ 
ties,  features  that  are  attractive  to  the  hospital’s 
nursing  staff. 

Because  the  phones  are  IP-based,  they  will  inte¬ 
grate  well  with  the  current  nurse  call  system, 
Leondorf  explains.  “If  patients  need  to  reach  a 
nurse,  they  press  a  button  at  their  bedside,  and  the 
nurse  will  get  a  text  message  saying,  ‘Bed  Call  to 
Room  X.'  The  nurse  can  then  respond  by  pressing  a 
button  and  speaking  directly  with  the  patient.” 

Loendorf  says  the  system  will  save  the  nurses  pre¬ 


cious  time  in  sensitive  care  situations.  “The  care¬ 
givers  will  be  aware  of  what  the  patients  need  but 
they  don't  have  to  be  tied  to  the  nursing  station," 
she  says.  “Nurses  put  in  a  lot  of  miles  every  day. 
This  is  one  way  to  save  them  steps  while  offering 
better  patient  care.” 

The  university’s  hospital  is  also  considering  imple¬ 
menting  wireless  badges  provided  by  NEC  and 
Vocera  Communications.  By  simply  patting  the 
badge,  users  can  have  immediate  push-to-talk 

walkie-talkie  capabilities,  similar  to 

Nurses  put  in  a  lot  of  miles 
every  day.  [VOIP  applications 
offer]  one  way  to  save  them 
steps  while  offering  better  patient 
care,  says  Paula  Loendorf  of  the 
University  of  New  Mexico,  which 
is  using  VOIP  in  its  medical  school’s  hospital. 

the  Spectralink  phones.  The  difference  is  that  it’s 
completely  hands-free.  “There  are  a  lot  of  hospitals 
around  the  country  that  have  implemented  those 
because  of  the  form  factor  and  because  it’s  hands¬ 
free,  which  is  a  huge  thing  in  the  medical  environ¬ 
ment,”  Loendorf  says.  Although  the  school  is  not  yet 
piloting  the  badges,  she  foresees  using  both  the 
Spectralink  and  Vocera  wireless  VOIP  applications 
eventually. 

“We  might  end  up  using  the  Spectralink  NEC 
wireless  phones  in  some  areas,  and  we  may  want 
to  implement  the  Vocera  badges  in  others,  depend¬ 


ing  on  the  needs  of  the  various  groups  in  the  hospi¬ 
tal,"  she  says. 

It’s  not  just  unified  messaging  anymore 

Today's  VOIP  users,  although  originally  attracted 
to  the  technology  for  its  promised  cost  savings  in 
terms  of  office-to-office  calls,  simpler  management 
and  reduced  administrative  tasks  for  moves,  adds 
and  changes,  say  that  today  they  find  the  depth  and 
breadth  of  VOIP-enabled  applications  the  true 
deciding  factor  in  choosing  the  technology. 

“The  industry  is  changing  and  even  the  words 
‘VOIP’  and  ‘IP  telephony’  are  morphing  into  the 
bigger  term  of  ‘IP  communications,'”  Forrester's 
Herrell  says.  “Because  it's  bigger  than  just  replac¬ 
ing  a  phone  system  -  it’s  building  a  new  real-time, 
unified,  collaborative  communications  environment 
that  truly  supports  business  processes." 

And  as  more  VOIP  systems  begin  to  embrace 
open  standards,  such  as  the  Session  Initiation 
Protocol  (SIP),  the  business-changing  applications 
of  IP  communications  are  bound  to  multiply.  SIP 
is  a  signaling  protocol  for  IP-based  conferencing, 
telephony,  presence,  events  notification  and 
instant  messaging.  As  more  carriers,  equipment 
and  software  supports  SIP,  it  becomes  easier  to 
create  true  multi-vendor,  real-time  collaborative 
applications  that  can  be  used  on  the  fly,  furthering 
the  reach  and  usage  of  IP  telephony  and 
communications. 

“There  is  just  a  lot  of  pressure  today  to  look  at 
how  you  can  save  money  and  yet  do  the  right  thing 
for  your  organization,"  says  University  of  New 
Mexico's  Loendorf.  “With  IP  networking,  we  get  the 
best  of  both  worlds.  And  as  new  applications 
become  available,  it’s  bound  to  get  better."  ■ 


Inter-Tel’s  IP  communications  strategy  for  maximum  ROi 


Businesses  today  demand  an  ever-expanding 
list  of  requirements  to  meet  their  communi¬ 
cations  needs.  Improving  productivity, 
enhancing  sales,  supporting  resource  sharing,  inte¬ 
grating  technologies  and  managing  complex  security 
issues  are  some  of  the  benchmarks  of  successful 
deployments  that  seamlessly  merge  multiple  operat¬ 
ing  environments. 

Inter-Tel  uniquely  provides  a  single  point  of 
accountability  to  satisfy  these  needs  through  its  fam¬ 
ily  of  Inter-Tel®  5000  and  Inter-Tel®  7000  con¬ 
verged  communications  systems,  as  well  as  its  Inter- 
Tel  NetSolutions®  network  services  offerings. 
Providing  feature-rich  applications  to  maximize  pro¬ 
ductivity  and  improve  business  processes,  Inter-Tel 
enables  industry-leading  presence,  messaging  and 
collaboration  tools. 

Serving  businesses  with  up  to  2,500  users,  the 
recently  released  Inter-Tel  7000  is  an  open-stan¬ 
dards  Session  Initiation  Protocol  (SIP)  softswitch  that 
provides  full  PBX-style  functionality  and  enables  cus¬ 
tomers  to  integrate  standard  SIP  devices  and  appli¬ 
cations  into  their  networks.  The  Inter-Tel  7000  offers 
midsize  to  large  businesses  and  enterprises  robust, 


integrated  IP  telephony  applications  that  include 
Inter-Tel’s  presence  management  and  advanced  call 
routing  capabilities;  powerful  mobility  solutions;  col¬ 
laboration,  Web  and  audioconferencing  applications; 
and  user-friendly  system  administrative  and  diagnos¬ 
tic  tools. 

“This  open-standards  platform  offers  choices  that 
are  not  typically  available  through  proprietary  tech¬ 
nology  and  has  a  feature  set  that  we  feel  surpasses 
other  IP  offerings  in  the  market  today,”  explains  Jeff 
Ford,  Inter-Tel’s  chief  technology  officer.  “Moreover,  it 
is  designed  to  enable  businesses  to  take  advantage 
of  new  communications  technology  as  it  becomes 
available.  That  means  customers  can  expect  further 
improvements  in  productivity  and  efficiency,  along 
with  a  substantially  longer  technology  lifecycle,  to 
help  protect  their  investment.” 

In  addition,  as  a  provider  of  tier  one,  carrier-neutral, 
network  services  offerings,  Inter-Tel  NetSolutions 
offers  a  bundled  approach  to  enabling  IP-centric 
communications.  By  combining  Multi-Protocol  Label 
Switching  (MPLS),  IP  and  legacy  PSTN  solutions, 
NetSolutions  facilitates  the  attainment  of  scalable, 
manageable  and  reliable  communications  environ¬ 


ments,  while  maintaining  affordability.  In  addition, 
NetSolutions  offers  a  robust  suite  of  real-time  man¬ 
agement  and  monitoring  tools  designed  to  proactive¬ 
ly  support  quality  of  service,  network  reliability  and 
disaster  recovery,  while  meeting  industry-leading  ser¬ 
vice  level  agreements. 

Inter-Tel  offers  the  means  to  leverage  advanced 
system  technologies  and  reliable  network  perfor¬ 
mance,  all  from  a  single  source.  With  over  35  years 
of  focused  commitment  in  business  communications, 
Inter-Tel  is  the  smart  choice  for  developing  an  IP 
communications  strategy  that  delivers  maximum 
return  on  investment. 

Learn  more  about  the  Inter-Tel  7000 
communications  system  and  the  Inter-Tel 
NetSolutions  portfolio  of  voice  and  data 
services.  Visit  www.inter-tel.com 


Being  spread  out  the  way  we  are,  we  wanted  to  be  able  to  communicate  with  each  other  like 
we  were  in  one  building.  Inter-Tel  helped  us  solve  that  problem  by  putting  the  network  in  place. 

Just  recently,  we  went  into  an  MPLS  solution  which  allows  us  to  monitor  traffic  and  bandwidth. 
Inter-Tel  has  helped  us  cut  our  cost  and  improve  efficiency  because  it  opened  up  lines  of 
communication  better  than  we  had  before. 

The  people  at  Inter-Tel  understand  my  business  hangs  on  this  network;  if  I  don’t  have  a  network, 
I’m  out  of  business." 

Brenda  O’Connell 

VP  Operations 
Empire  Affiliates 

Division  of  Toledo  Area  Community  Credit  Union 


•  We  are  technically  one  large  credit  union  spread  across  1 5  -  soon  to  be  1 6  -  branches 

and  1 0  counties. 


True.com 


-*  “True.com  is  a  dating  Web  site  that  offers  a  safe  place  for  people  to  meet  online. 

Our  communication  with  each  one  of  those  locations  is  vital  to  properly  handling  our  customers. 

From  a  network  standpoint,  the  biggest  challenge  we  have  is  the  rate  of  growth.  We  often 
have  to  create  services  or  infrastructure  in  a  very  short  period  of  time. 

Inter-Tel  has  the  ability  to  move  as  quickly  as  True.com  does.  It’s  enabled  my  group  to  focus 
more  on  our  core  business  and  let  some  of  the  supporting  infrastructure  be  offloaded.  Inter-Tel 
is  really  an  extension  of  our  IT  services.” 

Greg  Baumann 

Technology  Operations  Manager, 

True.com 


^  To  learn  more  about  Inter-Tel’s 
value-driven  communications 
systems  and  solutions, 
visit  www.inter-tel.com 
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Vendor  Solutions  for  Your  IT  Challenges 


COMPANY:  The  Siemon  Company™ 

OVERVIEW:  Established  in  1903,  Siemon  specializies 
in  the  manufacture  and  innovation  of  high-performance 
network  cabling  solutions.  One  of  only  three  network 
cabling  companies  with  true  global  capabilities,  Siemon 
offers  the  most  comprehensive  suite  of  copper  (and  fiber 
cabling  systems  available.  With  over  400  active  patents 
specific  to  structured  cabling,  from  patch  cords  to  patch 
panels,  Siemon  Labs™  invests  heavily  in  R&D  and  industry 
standards,  underlining  the  company's  long-term  com¬ 
mitment  to  its  customers  and  the  industry. 

CHALLENGE:  The  recent  ratification  of  the  10GBASE-T 
standards  for  1  OGb/s  transmissions  over  copper  cabling 
has  highlighted  the  limitations  of  UTP  cabling. The  inclu¬ 
sion  of  strict  alien  crosstalk  parameters  in  the  1  OGb/s 
standards  posed  major  issues  for  UTP  systems.  Although 
Siemon  and  other  major  cabling  manufacturers  were 
able  to  meet  the  10GBASE-T  performance  requirements 
in  a  UTP  configuration,  the  resulting  designs  relied  on 
increased  cable  diameters  and  restrictive  installation 
practices. 

SOLUTION:  These  UTP  limitations  raised  the  profile 
of  screened  1  OGb/s  solutions,  including  Siemon's 
1 0G  6A™  F/UTP.  By  virtue  of  their  screen,  these  solutions 
defeat  alien  crosstalk  without  major  design  or  installation 
changes. This  fact,  coupled  with  recent  innovations 
designed  to  significantly  simplify  the  installation  of 
screened  cabling,  has  caused  many  users  to  consider 
1  OGb/s  screened  cabling. 

As  an  indication  of  screened  cabling's  growing  profile, 
Siemon  has  noticed  a  strong  upward  trend  in  the 
adoption  of  1 0  Gb/s  screened  (F/UTP)  copper  cabling 
systems,  particularly  in  markets  where  UTP  has  tradition¬ 
ally  been  the  most  popular  option.  In  fact,  growth  of 
1  OGb/s  F/UTP  has  outpaced  UTP  solutions. The  rising 
end  user  acceptance  of  screened  solutions  is  further 
evidenced  by  recent  cabling  industry  response.  Manu¬ 
facturers  known  primarily  as  UTP-focused  have  begun 
to  enter  the  screened  market  with  their  own  versions. 

More  information  on  the  growth  of  screened  cabling  as 
well  as  Siemon's  1 0G  6A  F/UTP  line  is  available  online  at 

www.siemon.com 


800-945-4200 

www.siemon.com 


COMPANY:  Netcordia 

OVERVIEW:  Founded  in  2000,  Netcordia  develops 
NetMRI,  an  automated  Best  Practices  based  network 
management  appliance.  NetMRI  is  the  most  comprehen¬ 
sive,  fully  integrated  network  diagnostic  tool  for  enter¬ 
prise  and  government  networks. This  plug  and  play  unit 
allows  a  network  engineer  to  easily  and  quickly  identify 
issues  with  respect  to  VoIP,  configuration  compliance, 
VLAN,  and  IP  within  the  network. 

CHALLENGE:  As  technology  is  becoming  an  integral 
part  of  everyday  business,  enterprises  are  placing  more 
rigorous  demands  on  their  networks,  expecting  high 
reliability,  rapid  response  time,  consistency  and  compli¬ 
ance.  These  demands  have  network  engineers  searching 
for  a  way  to  proactively  and  cost-effectively  manage  the 
network  infrastructure  without  utilizing  too  much  staff 
time  and  energy. 

SOLUTION:  Netcordia  provides  the  solution  with 
NetMRI,  an  award-winning  network  analysis  appliance 
that  goes  beyond  reporting  to  provide  analysis  based 
upon  expert  rules  and  best  practices.  With  NetMRI,  net¬ 
work  managers  can  optimize  their  networks,  pinpointing 
and  solving  present  and  potential  hot  spots.  What  may 
have  previously  taken  numerous  IT  professionals  hun¬ 
dreds  of  hours  to  uncover,  a  single  NetMRI  unit  now  easily 
finds  in  minutes. 

Monitoring  and  network  management  tools  typically 
capture  statistics  from  interfaces,  links  and  protocols, 
draw  maps  and  graphs  and  send  real  time  alerts  about 
fault  conditions.  NetMRI  correlates  the  statistics  and 
applies  rules  of  logic  for  troubleshooting  in  a  useful 
browser-based  view  or  report.  NetMRI  takes  the  next  step 
with  its  configuration  capabilities  that  allow  customers  to 
automatically  fix  problems,  and  create  their  own  custom 
best  practices.  NetMRI  establishes  accuracy,  integrity  and 
reliability  in  significantly  less  time  than  legacy  offerings. 

•  DiagnosticBase™  best  practices  built  in 

•  Automatically  discovers  entire  infrastructure, 
analyzes  it,  and  makes  suggestions 

•  Easy  to  understand,  self  running 

•  Low  total  cost  of  ownership 

Netcordia 

NetMRI” 

410-266-6161 

www.netcordia.com 
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Mobile  security 
lags  compliance 


BY  JOANIE  WEXLER 


There  is  a  frightening  lag  between  organizations’  zeal  to 
use  mobile  devices  and  their  ability  to  deploy  them  in  a 
way  that  complies  with  regulatory  security  mandates.  And 
it  looks  like  business  managers  are  pointing  the  finger  at  IT, 
while  IT  is  pointing  it  right  back  at  them  in  terms  of  who’s 
holding  things  up. 

These  revelations  were  from  “Comply  on  the  Fly"  a  report 
just  published  by  the  Business  Performance  Management 
Forum,  an  organization  whose  members  work  to  improve 
business  financial  and  operational  performance. 

The  forum’s  members  comprise  cross-departmental  busi¬ 
ness  and  IT  executives  in  multiple  industries  worldwide. 

When  IT  personnel  were  asked  what  they  need  to  get 
senior  management  to  step  up  to  the  mobile  compliance 
challenge, 38%  of  respondents  said, ‘A  security  breach,” said 
Adriano  Gonzales,  vice  president  of  strategy  and  program¬ 
ming  for  the  forum.“I  thought  that  was  alarming.” 

Fte  added  that  40%  of  the  respondents  to  a  700-organiza- 
tion  survey,  which  formed  the  report’s  basis,  admitted  not 
having  necessary  policies  in  place  to  govern  sensitive  data 
residing  in  mobile  devices.  However,  half  the  organizations 
said  that,  at  a  minimum,  25%  of  their  organizations’  mobile 
devices  currently  in  use  do  carry  mission-critical  and 
potentially  sensitive  information. 

Why  the  mismatch? 

The  majority  of  business  managers  basically  say  it’s  up  to 
IT  to  “make  it  happen, ’’while  IT  executives  counter  that  they 
are  having  a  tough  time  getting  management’s  blessing  to 
address  mobile  security  as  a  priority  —  and  the  resources 
needed  to  do  it.  One  reason  is  that  other  compliance  pro¬ 
jects  are  taking  precedence,  Gonzales  observed. 

He  offers  a  high-level  methodology  to  fix  this  problem, 
stressing  that  enterprises  need  to  band  together,  cross- 
departmentally  in  a  multidisciplinary  approach  to  make 
sure  all  the  compliance  i’s  are  dotted  and  t’s  are  crossed. 
He  suggests  beginning  with  the  following  basics: 

•  Assess  the  use  of  mobile  devices  in  your  organization 
—  who’s  using  them  and  how? 

•  Perform  a  thorough  risk  assessment  around  these 
devices,  then  prioritize  actions  based  on  the  risk  and 
potential  impact  associated  with  each. 

•  Implement  a  corporate-wide  governance  framework 
tightly  integrated  into  your  overall  network  management 
systems  fabric. 

•  Examine  the  details  about  devices  and  hard  drives  that 
need  to  be  encrypted, encrypted  access, and  so  forth, such 
that  they  match  up  with  the  auditing,  archiving,  and  secur¬ 
ity  mandates  that  apply  to  your  company. 

The  report  was  built  on  a  worldwide  study  conducted  by 
the  forum  and  its  advisory  board,  who  surveyed  executives 
across  multiple  indus¬ 
tries  with  director- 
level  titles  and  higher. 


Wexler  is  an  inde¬ 
pendent  networking 
technology  writer /edi¬ 
tor.  She  can  be 
reached  at 

joanie@jwexler.com. 


In  your  in-box 

Sign  up  for  this  or  an y  of  Network 
World's  many  other  e-mail  newsletters. 
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MILAN’S  MIL-SM80I  series  of 
layer  2  managed  switches 
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provides  high  performance  non- 
blocking  switching. 
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MILAN  s  most  powerful,  flexible 
line  of  Layer  2  management 
switches. 


The  ShAir  AccessG  Pro 
AP/Bridge:  MILAN’S  new 
cost-effective,  enterprise-class 
wireless  access  point. 
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MILAN  makes  switching  and  wireless  technology  accessible  to 
even  more  applications,  more  needs,  and  more  importantly,  more 
people. Transition  Networks,  the  industry  leader  in  product 
quality,  availability  and  support,  now  offers  MILAN  switching  and 
wireless  products  as  a  way  for  schools  to  simply  connect  the 
devices  they  need. 


MILAN  BY 

TRANSITION 

NETWORKS 


We  are  pleased  to  present  the  new  class  of  2006. 


www.milan.com 


800-526-9267 
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Managing  the 
virtual  world 

CA  last  week  became  the  latest  management  vendor  to 
roll  out  tools  to  manage  virtual  server  environments, 
joining  BMC  Software,  IBM/Tivoli,  Opsware  and  others 
rushing  to  fill  this  important  need. 

While  virtualization  has  proved  to  be  a  boon  —  making  it 
easier  to  consolidate  and  mix  and  match  resources,  among 
other  things  —  the  need  for  an  integrated  control  plane  for 
the  physical  and  virtual  worlds  has  become  evident  only  as 
virtual  machines  have  found  increasingly  important  roles  in 
production  environments. 

Because  virtual  servers  can  be  created  and  changed  so 
easily,  a  typical  byproduct  of  virtual  server  adoption  is  an 
explosion  in  the  number  of  servers  used. That’s  a  develop¬ 
ment  that  can  negate  some  of  the  gains  achieved  by  mov¬ 
ing  to  the  virtual  realm. 

Opsware  CTO  Tim  Howes  calls  this  phenomenon  virtual 
machine  sprawl. “Users  end  up  creating  hundreds  of  unse¬ 
cured,  unlicensed,  unmonitored  virtual  machines,”  he  says. 

And  it  will  get  worse.  Only  a  fraction  of  servers  are  virtual 
today  according  to  IDC.but  more  than  half  of  all  servers  will 
be  virtual  by  201 1,  and  that  number  jumps  to  70%  by  2013. 

But  Howes  argues  that  lack  of  virtual  machine  manage¬ 
ment  tools  is  hampering  adoption  of  the  technology,  citing 
EMA  research  that  shows  76%  of  virtualization  deployments 
are  on  500  or  fewer  servers.  Where  virtualization  is  used, 

76%  of  the  time  it  is  used  for  test  and  development,  52%  for 
file  and  print,  50%  for  Web  servers  and  44%  for  custom 
applications,  according  to  Forrester  Research. 

Virtualization  isn’t  used  more  widely,  Howes  says,  because 
of  the  inherent  management  issues.“You  have  all  the  same 
issues  with  physical  servers  —  configuration,  patching  — 
plus  a  slate  of  new  management  issues  for  the  virtual 
realm:  creating  virtual  machines,  deleting  them,  moving, 
them  and  so  on.” 

Howes  says  management  of  virtual  environments  is  com¬ 
plicated  by  several  issues:  the  hypervisor  layer  that  makes 
virtualization  possible  represents  a  new  software  layer  that 
needs  to  be  mastered;  virtual  environments  bring  with 
them  a  host  of  new  interdependencies  and  complex  rela¬ 
tionships;  and  the  environments  evolve  more  quickly 
because  it  is  easier  to  change  stuff  on  the  fly  (VMware’s 
VMotion  tool,  for  example,  lets  users  move  live  virtual 
machines  among  physical  servers). 

Today  many  IT  shops  are  using  a  mix  of  off-the-shelf  prod¬ 
ucts  and  homegrown  tools  to  manage  virtual  environments, 
but  achieving  scale  will  require  management  wares  such  as 
those  from  Opsware,  CA  and  the  others.  Next  year  will  see 
these  technologies  blossom,  and  not  a  minute  too  soon. 

—  John  Dix 
Editor  in  chief 
jdix@nww.com 


Title  match 

“Mismatched  job  titles”  (www.networkworld.com 
/6326)  hit  home  with  me  on  a  number  of  levels. 
However,  David  Foote’s  comments  about  network 
engineers/administrators/architects/technicians 
surprised  me.  Maybe  it’s  just  the  market  I’m  in,  but 
in  general  I  see  a  wide  variety  in  what  people  mean 
when  they  use  the  term  “network.”  For  some  people, 
it’s  strictly  routers/firewalls/switches;  for  other  peo¬ 
ple,  it’s  systems  (servers,  hardware);  for  others,  it’s 
applications  (messaging,  Citrix).  I  also  haven’t  seen 
consistency  in  the  second  half  of  the  job  title  — 
I’ve  been  an  engineer  (which  in  Canada  is  a  pro¬ 
tected  term),  analyst,  specialist  and  I’m  starting  a 
new  job  soon  where  I  haven’t  even  bothered  to 
learn  my  title.  I  do  hope  the  trends  of  skill-based 
compensation  make  their  way  north,  though. 

Sean  Walberg 
Winnipeg,  Canada 

Checking  up 

Regarding  Richard  Stiennon’s  open  letter  to  Check 
Fbint  CEO  Gil  Shwed  (www.networkworld.com/ 
/6328):With  all  due  respect  to  Stiennon,the  problem 
in  security  is  not  in  the  network  —  it’s  the  integrity  of 
the  endpoints.  If  the  integrity  of  endpoints  is  ques¬ 
tionable,  enforcement  within  the  network  is  useless. 

Check  Point  should  be  investing  more  in  beefing 
up  its  endpoint  integrity  solution  (perhaps  as  an 
add-on  to  its  ZoneAlarm  firewall)  and  not  just 
buying  up  hardware-based  platforms,  such  as 
Crossbeam. 

Sanjay  Sawhney 
Cupertino,  Calif. 

I  think  Richard  Stiennon’s  open  letter  to  Gil 
Shwed  is  right  on  the  money.  However,  it  would 


not  be  a  stretch  to  use  both  the  health  check  and 
user  identity  coupled  with  other  attributes,  such 
as  location  and  security  alert  levels,  to  make  the 
decision  on  whether  a  particular  access  is 
allowed. 

The  one  place  where  I  differ  is  the  use  of  virtual 
LANs  for  customization  of  what  the  user  gets  to 
access.  Why  use  a  coarse-grained  Layer  2  construct 
when  you  have  much  finer-grained  mechanisms 
available  that  do  not  need  network  reconfigura¬ 
tion?  The  enforcement  point  needs  to  be  able  to 
enforce  logical  collection  of  resources  without 
resorting  to  VLANs. 

Sanjay  Uppal 
San  Jose,  Calif. 

A  virtual  life 

Regarding  Mark  Gibbs’  BackSpin  column  “Big 
Brother  gets  virtual”  (www.networkworld.com/6327) 
/6327):The  IRS  will  have  arrived  when  it  can  put  a 
lien  on  your  virtual  house  in  your  favorite  Massively 
Multiplayer  Online  Role-Playing  Game  and  take  real 
tax  payments  in  virtual  gold,  copper  and  silver.  Do 
you  have  to  file  capital  loss  when  your  virtual  house 
is  taken  over  by  a  group  of  online  thugs?  Does  the 
FBI  get  involved  when  crimes  against  your  virtual 
character  happen  over  state  lines? 

The  states  could  follow  suit  by  charging  sales  tax 
when  you  sell  that  third-level  magical  sword. 
Wonder  if  the  lawyers  will  get  into  this?  Consider 
the  lawsuits  when  lawyers  find  out  their  client’s  vir¬ 
tual  character  was  killed  and  all  possessions  taken. 
Would  there  be  tax  credits  for  virtual  children? 

Daren  Mehl 
Apple  Valley  Minn. 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief.  Network  World,  1 18  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 
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STRATEGY  SESSION 


Jeff  Kaplan 


On-demand  services  set  to  take  off  in  200? 


Not  long  ago, every  major  research  firm  and 
business  consultant  was  telling  corporate 
executives  that  IT  was  a  strategic  asset  that 
needed  to  be  nurtured  and  leveraged  as  a  com¬ 
petitive  advantage.  Today’s  reality  is  that  IT  is 
increasingly  becoming  a  commodity  which  many 
organizations  are  still  unable  to  use  fully  As  a 
result,  in  2007  more  companies  will  turn  to  on- 
demand  alternatives,  which  will  disrupt  the  IT 
industry  fundamentally 

Nicholas  Carr  took  a  beating  a  few  years  ago 
when  he  suggested  that  IT  didn’t  really  matter.  In 
his  follow-up  story  “The  End  of  Corporate  Com¬ 
puting,”  in  the  spring  2005  MIT  Sloan  Management 
Review,  Carr  wrote,  “Imagine  what  future  genera¬ 
tions  will  see  when  they  look  back  at  the  current 
time  ....  won’t  the  way  corporate  computing  is 
practiced  today  appear  fundamentally  illogical 
—  and  inherently  doomed?”  While  some  IT  pro¬ 
fessionals  may  believe  they  succeeded  in  push¬ 
ing  Carr’s  views  aside,  because  he  is  not  as  visible 
today  his  Web  site  shows  he  is  still  busy  speaking 
to  executive  groups,  as  well  as  at  industry  events, 
worldwide. 

The  reason:  Corporate  executives  and  users  are 
fed  up  with  the  shortcomings  of  traditional  IT  and 
legacy  applications,  and  increasingly  are  willing 


to  test  a  widening  array  of  online  alternatives. 
Many  are  being  emboldened  by  the  rapid  growth 
of  on-demand  services  in  the  consumer  world. 
Just  as  the  traditional  institutions  of  newspapers, 
television  and  the  music  industry  are  under 
attack  from  Google,  YouTube  and  iTunes,  so  are 
traditional  ways  of  managing  technology  and 
deploying  software  being  seriously  challenged  by 
a  new  generation  of  managed  service  and  soft- 

llsers  are  fed  up  with  the 
shortcomings  of  traditional 
IT  and  legacy  applications. 

ware-as-a-service  providers. 

Both  managed  services  and  software-as-a-ser- 
vice  leverage  pervasive  broadband  deployment 
and  other  enabling  technologies  to  deliver  easier- 
to-use  IT  management  and  business  applications 
on  a  subscription-service  basis.  These  services 
eliminate  the  upfront  capital  investments,  hard¬ 
ware  and  software  deployment  challenges,  and 
ongoing  administrative  hassles  of  traditional  infra¬ 
structure  and  application  management. 

Adoption  of  these  alternatives  by  organizations 
of  all  sizes  is  well  under  way  A  recent  Think- 


Strategies  survey  of  550  IT  professionals  and  busi¬ 
ness  executives  found  that  about  40%  use  one  or 
more  managed  services,  and  nearly  95%  are 
either  very  or  somewhat  satisfied  with  the  quality 
of  these  services. 

Beyond  saving  time  and  money  today’s  man¬ 
aged  services  and  software-as-a-service  solutions 
also  provide  greater  backup-and-recovery  capa¬ 
bilities  than  many  corporate  IT  shops.  They  also 
provide  real-time,  multiuser  visibility  that  permits 
greater  collaboration  among  workers. 

Look  for  corporate  adoption  of  on-demand  ser¬ 
vices  to  accelerate  in  2007,  as  more  customer 
success  stories  about  the  lower  total  cost  of  own¬ 
ership  and  greater  return  on  investment  become 
available.  Corporate  executives  no  longer  will  be 
asking  why  they  should  consider  managed  ser¬ 
vices  or  software-as-a-service,  but  why  they  should 
continue  to  put  up  with  the  hassles  and  costs  of 
traditional  IT  and  legacy  applications.  The  real 
question  will  be  whether  their  IT  staff  will  be 
ready  to  respond  to  the  on-demand  movement 
heading  their  way 

Kaplan  is  managing  director  ofThinkStrategies, 
a  consultancy  in  Wellesley,  Mass.  He  can  be 
reached  at  jkaplan@thinkstrategies.com. 


REAUTY  CHECK 
Thomas  Nolle 


Can  T-Mobile  launch  an  FIHC  arms  race? 


Fixed-mobile  convergence  has  always  been 
seen  in  the  United  States  as  one  of  the  pawns 
in  the  game  of  RBOCs  vs.  cable  companies. 
The  former  were  supposed  to  be  looking  at  FMC 
to  link  profitable  mobile  voice  with  less-than-prof- 
itable  wireline  voice,  the  latter  as  a  way  of  elimi¬ 
nating  FMC  as  an  RBOC  differentiator  and  possi¬ 
bly  easing  their  own  installation  problems.  NowT- 
Mobile,a  player  in  neither  camp,  is  taking  an  early 
FMC  position  that  may  cause  both  RBOCs  and 
cable  companies  to  jumpstart  their  own  efforts. 

T-Mobile’s  offering,  HotSpot@Home,  is  based  on 
a  new  series  of  handsets  that  roam  between  Wi-Fi 
and  cellular  services.  This  means  a  user  can  use 
Wi-Fi  voice  while  using  a  home  network  or  a  T- 
Mobile  hot  spot.  The  service  is  available  only  in 
certain  areas,  but  the  company  expects  to  roll  it 
out  nationally  in  2007. 

For  consumers,  a  handset  that  can  roam 
between  Wi-Fi  hot  spots  (including  a  home  net¬ 
work)  and  the  cellular  network  represents  a 
potential  savings  in  airtime  charges  on  their  cell 
phones. You  can  walk  into  your  home  (or  another 
qualifying  hot  spot)  and  a  call  in  progress  will 
roam  over  onto  your  home  network,  saving  you 
minutes.  You  also  get  reliable  reception  in  areas 
where  T-Mobile  has  hot  spots,  such  as  airport 
lounges.  In  theory  it  will  let  you  give  up  your  land¬ 
line  for  a  purely  untethered  life. 

Which,  of  course,  may  be  why  you’re  getting  this 
from  T-Mobile  and  not  AT&T  or  Verizon.  The 
RBOCs’  quarterly  numbers  have  shown  declines 


in  their  access  lines,  so  you  would  hardly  expect 
RBOCs  to  jump  out  in  front  of  the  dual-mode 
handset  trend.The  cable  companies,  on  the  other 
hand,  have  every  reason  to  want  to  support  the 
kind  of  FMC  T-Mobile  offers. 

This  kind  of  FMC  is  a  boon  to  the  cable  compa¬ 
nies,  because  it  could  eliminate  the  problem  of 
voice  installation.  Give  customers  a  couple  of  Wi- 
Fi/cellular  handsets,  and  they  don’t  need  to  rewire 
their  internal  phone  connections  to  use  a  cable 
voice  service  with  multiple  home  phones.  The 

T-Mobile  has  changed  the 
game,  and  the  changes 
may  show  up  even  in  2007. 

problem  is  that  the  cable  companies  don’t  have 
cellular  service;  most  have  a  relationship  with 
Sprint  for  “quad-play”  capability.  With  the  RBOCs 
on  the  sidelines.it  appears  the  cable  guys  are  con¬ 
tent  to  sit  and  not  empower  Sprint  with  new 
industry  power  and  revenue. 

T-Mobile  changes  all  that,  threatening  both  par¬ 
ties  with  loss  of  voice  customers.  If  T-Mobile  can 
get  the  handset  and  operations  software 
tweaked  correctly  in  these  early  trials,  it  could 
roll  out  the  service  nationwide  and  cause  some 
serious  competitive  headaches  for  RBOC  and 
cable  company  alike.  That  would  shake  up  the 
voice  market  big  time. 

There  are  issues,  and  security  is  a  big  one.  T- 


Mobile  has  some  control  over  which  Wi-Fi  net¬ 
works  carry  customer  calls,  but  attempting  to 
make  the  concept  more  widely  available  and  use¬ 
ful  could  introduce  security  holes.  Imagine  a 
rogue  Wi-Fi  setup  that’s  designed  to  snare  your 
phone  and  record  calls,  steal  the  numbers  you 
call  and  steal  transactions  you  make. 

A  second  issue  is  regulatory,  including  emer¬ 
gency  calling.  Wi-Fi  setups  right  now  would  not 
necessarily  record  E91 1  data  or  may  not  comply 
with  the  Communications  Assistance  for  Law 
Enforcement  Act  or  other  lawful  intercept 
requirements. 

It’s  clear  T-Mobile  hopes  to  work  through  these 
issues  in  early  deployments,  and  the  stakes  are 
high.  If  T-Mobile  can  get  a  lead  here,  it  could 
become  one  of  the  top  players,  easing  out  trou¬ 
bled  Sprint.This  kind  of  FMC  is  probably  the  killer 
application  for  new-generation  voice,  the  force 
that  will  create  the  kind  of  revolution  in  the  voice 
arena  that  has  been  predicted  for  a  decade  and 
has  yet  to  arrive.  It  may  be  the  force  that  creates 
universal  broadband  access  that  empowers 
municipal  Wi-Fi  networks,  drives  WiMAX  deploy¬ 
ment  and  even  promotes  content.  T-Mobile  has 
changed  the  game,  and  the  changes  may  show 
up  even  in  2007. 

Nolle  is  president  of  CIMI  Corp.,  a  technology 
assessment  firm  in  Voorhees,  N.J.  He  can  be 
reached  at  (856)  753-0004  or  tnolle@ 

cimicorp.com. 


ConSentry  edges  out  Nevis 
in  in-line  NAC  appliance  test 

Pair  offers  increased  access  control  with  minimal  impact  on  existing  networks. 

BY  JOEL  SNYDER,  NETWORK  WORLD  LAB  ALLIANCE 

Start-ups  ConSentry  Networks  and  Nevis  Networks  have  stepped  into  the  net¬ 
work  access  control  ring  with  in-line  enforcement  products  that  promise  high 
levels  of  security  with  minimal  impact  on  existing  network  infrastructures. 


In  this  Clear  Choice  Test  we  found  that  ConSentry’s 
LANShield  CS2400  Controller  coupled  with  its  InSight 
Command  Center  management  system  comes  closer  to 
that  mark  with  an  enterprise-ready  package  that  has  only 
a  few  rough  edges.  Nevis’  LANenforcer  2024  appliance 
coupled  with  its  LANsight  Security  Manager  trails  in  com¬ 
parison  because  of  overall  design  issues  and  more  than 
its  fair  share  of  bugs. 

At  the  core  of  LANShield  and  LANenforcer  are  very 
high-speed,  high  port-density  stateful  firewall  devices  and 
intrusion-prevention  systems  (IPS).  Both  claim  a  maxi¬ 
mum  of  lOGbps  throughput  and  a  capacity  of  1,000  users. 
They  have  many  potential  uses,  such  as  traditional  fire¬ 
walls  in  a  data  center  or  as  rate-limiting  IPSs.but  the  buzz 
around  NAC  in  the  last  12  months  has  been  deafening, 
and  both  products  are  being  positioned  —  at  least  this 
week  —  as  NAC  solutions. 

The  use  case  goes  like  this:  Enterprises  want  to  imple¬ 
ment  NAC  but  they  want  to  minimize  changes  and 
upgrades  to  their  installed  LAN  switching  infrastructure. 
The  LANShield  and  LANenforcer  boxes  we  tested  have  10 
and  12  pairs,  respectively  of  Gigabit  Ethernet  ports.  Install 
either  device  next  to  your  core  switch.  For  each  uplink 
from  a  wiring  closet,  use  a  port  pair  to  run  the  traffic 
through  the  device  before  passing  it  to  the  core  switch. 
This  gives  you  a  control  point  —  both  companies  call 
their  devices  controllers  rather  than  security  switches  — 
to  authenticate  users,  apply  highly  detailed  per-user  state¬ 
ful  firewall  controls,  and  use  as  an  internal  IPS. 

We  looked  at  these  products  as  NAC  devices  and  focused 
on  four  areas  critical  for  any  NAC  deployment:  authentica¬ 
tion  and  authorization,  endpoint  security  posture  assess¬ 
ment,  traffic  enforcement,  and  system  management  (see 
“How  we  did  it”  at  www.docfinder.com/6330).  We  are 
assessing  the  performance  of  these  products  in  a  separate 
rest  and  will  post  those  results  when  they  are  available. 

Authentication  and  authorization 

Authentication  is  a  difficult  piece  of  the  NAC  picture  for 
LANShield  and  LANenforcer  to  master.  Because  they  sit 
deeper  in  the  network,  there  is  no  simple  answer  to  how 
users  will  authenticate  to  the  devices.  The  most  obvious 
approach  is  to  use  a  Web-based  captive  portal,  and  both 


ConSentrys  LANShield  controller  is  a  high-speed,  high-density 
in-line  firewall  coupled  with  a  flexible  set  of  authentication 
options  that  give  companies  versatile  enforcement  controls. 

products  support  this  as  an  authentication  method.With  a 
captive  portal,  the  user  connects  to  the  network, gets  an  IP 
address,  then  launches  a  Web  browser  and  tries  to  open  a 
Web  page.  LANShield  and  LANenforcer  intercept  this 
communication  and  redirect  a  users  browser  to  a  page 
that  lets  him  authenticate. 

We  found  a  major  design  flaw  in  LANenforcer’s  captive 
portal.The  version  we  tested  does  not  let  you  use  your  own 
certificate  authority  or  a  well-known  trusted  certificate 
authority  to  sign  the  SSL  certificate.  Without  a  trusted  cer¬ 
tificate  authority,  you’re  asking  people  to  connect  to  your 
network  and  give  their  user  name  and  password  to  an 
unauthenticated  system  they  don’t  know  —  not  the  best 
idea  under  any  circumstances.  Nevis  says  it  is  adding  the 
capability  to  use  your  own  digital  certificate  and  certificate 
authority  in  its  next  release. 

Captive  portals  generally  are  fine  for  hotels  and  hot  spots, 
but  aren’t  a  particularly  user-friendly  approach  for  authen¬ 
ticating  to  enterprise  networks.  For  this  reason, LANenforcer 
lets  the  network  manager  enable  self-registration,  in  which 
LANenforcer  remembers  the  media  access  control  (MAC) 
address  of  an  authenticated  user  for  some  configurable 
period  of  time  (eight  hours  to  one  year)  and  doesn’t 
require  reauthentication.  Our  tests  show  that  while  this  fea¬ 
ture  works  perfectly,  it’s  not  a  universal  remedy  for  the  prob¬ 
lems  associated  with  captive  portals.  Because  MAC-based 
authentication  offers  such  poor  security  —  MAC  addresses 
are  easily  stolen  and  spoofed  —  the  self-registration 
approach  takes  an  intrusive  authentication  method  and 
significantly  weakens  an  overall  security  model. 

ConSentry  has  a  better  approach  to  the  authentication 
problem:  passive  authentication  as  an  alternative  to  a  cap¬ 
tive  portal.  If  users  are  logging  into  a  Windows  domain  or 
are  using  802.  IX  authentication  for  wireless  or  wired  LAN 


access,  LANShield  watches  that  authentication  pass 
through  and  infers  the  identity  of  users  (in  the  case  of 
Windows  logons)  or  the  groups  they  belong  to  (in  the  case 
of  802.  IX  authentication). 

In  our  authentication  testing,  we  found  problems  in  both 
products.  LANShield  initially  wouldn’t  work  with  our  Funk 
(Juniper)  RADIUS  server  (the  problem  was  fixed  with  a 
newer  version  of  the  software),  and  LANenforcer  has 
design  issues  and  bugs  related  to  the  assignment  of  groups 
from  RADIUS  and  Lightweight  Directory  Access  Protocol 
(LDAP)  servers.  If  you  are  using  a  Windows  Active  Directory 
server  for  authentication,  you  should  be  fine  with 
LANenforcer,  but  our  tests  show  you  may  not  be  able  to 
assign  group  membership  from  LDAP  or  RADIUS  even  with 
common,  off-the-shelf  configurations. 

We  also  were  disappointed  to  see  that  when  Nevis’ 
LANsight  Security  Manager  is  used  to  configure  devices, 
all  authentications  are  proxied  by  the  LANsight  server. 
This  makes  for  a  frightening  single  point  of  failure,  be¬ 
cause  the  management  server  is  simply  a  Linux  server.  We 
discovered  this  issue  when  our  LANsight  server  lost  com¬ 
munications  with  LANenforcer,  losing  most  configuration 
information  and  requiring  a  reinstallation  and  reconfigu¬ 
ration  of  LANenforcer. 

Once  a  user  is  authenticated,  the  ConSentry  and  Nevis 
boxes  need  a  way  to  assign  the  right  security  enforcement 
policies.  ConSentry  maps  each  user  to  a  single  role  using 
a  flexible  system  that  includes  everything  from  the 
authentication  group  to  time  of  day  to  access  method. 
Nevis  has  a  less  flexible  system,  assigning  roles  based  on 
the  group  returned  from  the  authentication  server. 
However,  if  you  are  using  LDAP  for  authentication  and  a 
user  is  in  multiple  groups,  Nevis  has  a  well-designed  sys¬ 
tem  for  merging  different  security  policies.This  capability 
will  be  extremely  attractive  to  network  managers  who 
want  to  have  very  fine-grained  security  enforcement 
scaled  to  a  large  number  of  groups,  because  Nevis  lets 
each  group  have  a  more  precise  policy. 

Endpoint  security-posture  assessment 

A  key  driver  for  NAC  in  many  enterprises  is  endpoint 
security:  evaluating  the  posture  of  devices  connecting  to 
the  network  and  restricting  access  to  devices  that  are  not  in 
compliance  with  corporate  policies.  ConSentry  and  Nevis 
address  this  requirement,  but  not  to  a  satisfactory  degree. 

Nevis’  approach  to  endpoint  security  with  the 
LANenforcer  is  to  use  an  ActiveX  control  pushed  down  to 
the  user’s  PC  (assuming  Windows  and  Internet  Explorer  are 
running  and  there  are  Administrator  privileges)  that  checks 
for  operating-system  patch  levels  and  the  presence  of 
antivirus  and  antispyware  software.  Because  the  principal 
Nevis  authentication  method  is  a  captive  portal,  endpoint 
security  evaluation  happens  during  the  logon  sequence  as 
the  Web  page  is  loaded.  Failure  to  pass  these  checks  can 
land  you  in  a  quarantine  state  for  user-directed  remedia¬ 
tion;  LANenforcer  also  can  be  configured  to  require  peri¬ 
odic  reevaluation  while  the  user  is  logged  in. 

Unfortunately,  using  LANenforcer’s  self-registration  facility 
to  avoid  going  through  the  captive  portal  for  authentication 
means  there’s  no  opportunity  for  LANenforcer  to  push 
down  the  endpoint  security  posture  assessment  tool.  In  our 
testing,  we  ran  into  a  problem:The  Nevis  endpoint  security 

See  NAC  test,  page  60 
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Oracle  Database  lOg 

38%  Faster  to  Manage 
30%  Less  Complex 
57%  Simpler  Installation 
$31,664  Less  Per  DBA  Annually 

...  than  Microsoft  SQL  Server  2005 

Third-party  study  from  the  Edison  Group,  Inc.,  March  2006. 

Comparative  management  cost  study  of  Oracle  Database  10g  Release  2 
and  Microsoft  SQL  Server  2005. 


Oracle  Database  lOg  is  easier  to  manage, 
while  Microsoft  SQL  Server  2005  gets  more  complex. 
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or  call  1.800.ORACLE.1 


Comparative  study  from  Edison  Group  based  on  measurement  of  time  and  number  of  steps  necessary  for  typical  DBA 
to  perform  common  database  administration  functions.  Relative  complexity  defined  by  comparison  of  the  number  of 
steps  taken  to  complete  the  measured  tasks.  Cost  per  DBA  annually  calculated  from  December  2005  median 
compensation  of  $82,889.  For  more  information  see  www.oracle.com/database/edisonmanagesql_0306.html 
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continued  from  page  58 

tool  insisted  that  we  needed  a  particular  patch  for  our 
Windows  XP  laptop,  while  Microsoft  Windows  Update 
Service  didn’t  agree  or  offer  that  particular  patch. This  was¬ 
n’t  as  big  a  problem  as  were  the  Nevis  interface’s  opacity 
and  lack  of  configuration  controls. Once  we  discovered  the 
problem,  there  was  nothing  we  could  do  about  it,  because 
LANsight  can’t  see  the  required  patch  list  or  manually 
update  or  override  it. 

ConSentry’s  approach  in  its  LANShield  is  almost  identi¬ 
cal  to  Nevis’,  with  similar  limitations.  ConSentry  has 
teamed  with  Check  Point,  selling  Check  Point  Integrity 
Clientless  Security  as  the  integrated  endpoint  security- 
posture  assessment  tool.  Check  Point’s  Integrity  tool  is 
more  sophisticated  than  the  Nevis  endpoint  security  tool. 
For  example.it  checks  for  spyware,  not  just  the  presence  of 
antispyware  software.  And  you  can  use  it  to  add  other 
types  of  checks  to  your  policy. This  ConSentry-Check  Point 
combination  also  supports  a  wider  variety  of  client  plat¬ 
forms,  including  older  versions  of  Windows  and  both  Java 
and  ActiveX  versions  of  the  endpoint  security  tool. 

Even  with  a  more  sophisticated  client-posture  assessment 
tool,  ConSentry  and  Nevis  have  the  same  issue:  The  user 
has  to  go  to  a  Web  page  to  download  the  tool.  With  a  cap¬ 
tive  portal,  the  interface  is  as  clean  as  Nevis’,  but  when  you 
are  using  one  of  the  ConSentry  LANShield  passive  authen¬ 
tication  methods  (such  as  watching  a  Windows  domain 
logon),  there’s  no  Web  page  involved.  In  that  case, 
LANShield  can  intercept  the  next  Web  connection  the 
client  makes  and  push  down  the  endpoint  security  tool,  but 
there’s  no  guarantee  users  will  use  their  Web  browser. 

Intrusion  prevention  plays  a  role 

Both  Nevis  and  ConSentry  are  aware  of  the  issues  sur¬ 
rounding  endpoint  security-posture  assessment  and  their 
particular  topologies.  One  solution  might  be  to  have  an 
installed,  proprietary  client  that  handles  both  authentica¬ 
tion  and  posture  assessment;  this  is  the  approach  the  Cisco 
NAC  framework  uses.  ConSentry  says  it  is  developing  its 
own  client,  while  Nevis  is  considering  adding  a  client  to 
strengthen  its  posture  assessment. 

A  second  solution  would  be  to  add  intrusion-prevention 
capabilities  into  the  products,  identifying  and  quarantining 
(or  blocking)  systems  that  are  infected  with  malware.  This 
approach  is  more  successful  than  traditional  endpoint 


Nevis  has  chosen  to  emphasize  the  IPS  nature  of  its  LAN- 
enforcer  controller  as  much  as  its  NAC  features.  The  product 
has  a  well  thought-out  set  of  IPS  features  designed  to  catch 
malware  and  internal  worms. 

security  assessment,  because  it  is  inherently  cross-platform 
and  nonintrusive,  and  has  a  better  chance  of  detecting  a 
compromised  system.  After  all,  having  an  antivirus  engine 
installed  with  up-to-date  signatures  says  nothing  about 
whether  you’re  infected  with  a  virus.  ConSentry  and  Nevis 
both  have  gone  down  this  path,  with  Nevis  taking  the  lead 
in  building  a  sophisticated  IPS  into  LANenforcer. 

The  Nevis  IPS,  marketed  as  Threat  Control,  is  a  combina¬ 
tion  of  three  IPS  technologies:  protocol  anomaly  detection, 
traffic  anomaly  detection  and  specific  malware  signature- 
based  detection.  Because  LANenforcer  sits  between  users 
and  corporate  resources,  the  IPS  feature  set  focuses  on  spe¬ 
cific,  internal-network  types  of  threats.  For  example,  worm 


NetResults 


Product 

LANShield  CS2400  Controller  V2.2  and  InSight 
Command  Center 

LANenforcer  2024  V2.0  and  LANsight  Security 
Manager 

Vendor 

ConSentry  Networks 

www.consentry.com  [ULtAnUnUlut 

Nevis  Networks  www.nevisnetworks.com 

Price 

$28,500  for  LanShield  and  $8,000  for  InSight. 

$35,000  for  LANenforcer  and  $7,000  for  LANsight. 

Pros 

Excellent  policy  definition  tools;  versatile 
authentication  and  enforcement  options. 

Network  security  visibility;  role  assignment 
versatility. 

Cons 

Weak  intrustion-protection  system  (IPS) functionality 

Policy  definition  clumsy;  captive  portal 
authentication  only  real  option. 

Score 

3.78 

3.35 

containment  is  a  big  piece  of  the  picture,  with  dozens  of 
settings  that  can  be  used  to  adjust  thresholds  if  the  defaults 
don’t  work.Threat  Control  provides  the  option  of  triggering 
actions  on  LANenforcer  itself,  such  as  blocking  all  traffic 
from  a  misbehaving  IP  address  for  some  period  of  time. 

We  had  mixed  success  with  Threat  Control’s  threat- 
mitigation  features.  When  we  set  loose  SQL  Slammer  —  the 
canonical  out-of-control  worm  —  on  our  network,  Nevis 
found  and  isolated  it  and  raised  an  alarm.  However,  when 
we  installed  NetRaider,  one  of  the  backdoor  Trojan  horse 
applications  used  by  hackers  to  take  control  of  a  system, 
LANenforcer  didn’t  see  it,  even  though  there  are  two  signa¬ 
tures  for  NetRaider  enabled  in  the  LANsight  management 
system.  (Like  many  proprietary  IPSs,  the  signatures  are 
opaque,  so  we  couldn’t  debug  why  the  LANenforcer 
missed  our  Trojan  horse.)  We  also  found  a  bug  when  we 
turned  on  sequence  number  randomization,  a  common 
firewall  obfuscation  technique,  because  the  Nevis  box  then 
refused  to  let  anyone  on  the  network. 

LANShield  has  a  much  less  sophisticated  IPS  feature  set, 
with  no  configuration  capability  other  than  the  ability  to 
turn  it  on  or  off.  ConSentry  labels  its  IPS  features  as  malware 
protection. To  the  network  manager,  it  will  be  a  black  box. 
Although  LANShield  did  identify  and  block  our  SQL 
Slammer  worm,  we  wouldn’t  feel  comfortable  setting  loose 
such  an  undocumented  and  uncontrollable  feature  in  a 
real  network.  For  now,  LANShield s  malware  features  should 
be  considered  more  of  a  promise  of  things  to  come  than  a 
fully  baked  capability 

Enforcement 

The  huge  advantage  that  both  of  these  products  have 
over  most  other  NAC  solutions  is  their  enforcement  capa¬ 
bilities,  based  on  full  stateful  firewalling.  Rather  than  be 
content  with  putting  different  users  on  different  virtual 
LANs  (VLAN)  —  the  most  commonly  bandied-about  NAC 
strategy  —  Nevis  and  ConSentry  give  the  network  man¬ 
ager  not  only  very  fine-grained  access  controls,  but  also 
stateful  firewalling.  This  puts  ConSentry  and  Nevis  in  a 
very  small  circle  of  such  vendors  as  Juniper  and  Vernier 
that  are  advocating  such  a  high  level  of  security 

We  did  not  validate  exhaustively  the  correct  enforcement 
by  either  firewall,  but  we  did  discover  that  neither  LAN¬ 


enforcer  nor  LANShield  has  common  application-layer 
gateways  within  its  enforcement  capabilities.  This  means 
that  protocols  requiring  an  application-layer  gateway  —  for 
example,  FTP  or  VoIP  using  Session  Initiation  Protocol  and 
Realtime  Streaming  Protocol  —  aren’t  supported  directly 
You  can  still  run  these  protocols  through  the  devices,  but 
your  policy  will  have  to  punch  bigger  holes  in  the  firewall 
to  support  them, and  you  won’t  have  the  same  level  of  con¬ 
trol.  Because  these  products  are  designed  for  internal  use 
with  primarily  trusted  users,  this  doesn’t  seem  an  unrea¬ 
sonable  restriction. 

While  the  basics  you’d  expect  in  any  firewall  —  source  or 
destination  IP  addresses, subnets  and  network  zones  —  are 
present,  ConSentry  has  gone  further  than  Nevis  in  provid¬ 
ing  powerful  enforcement  rules.  For  example,  you  can 
define  enforcement  rules  in  terms  of  Common  Internet  File 
System  or  FTP  file  names  or  HTTP  content  types, something 
ConSentry  calls  application  filters.  These  filters  are  a  good 
start,  although  there  are  some  big  gaps.  For  example,  you 
can’t  write  a  filter  based  on  an  HTTP  URL. 

LANenforcer  has  an  enforcement  vocabulary  that’s  closer 
to  a  traditional  firewall,  with  enforcement  rules  expressed 
in  terms  of  destination  IP  addresses  and  services. 

Management 

Both  LANenforcer  and  LANShield  are  manageable  via  a 
command-line  interface  (CLI),  but  we  tested  them  using 
the  separate  management  tools  provided.  With  Nevis’ 
LANsight  Security  Manager,  we  only  had  to  touch  the  CLI 
for  installation  and  debugging.  ConSentry’s  graphical  man¬ 
agement  tool  is  nearly  as  complete, but  not  all  the  product’s 
functionality  is  available  from  that  interface. We  had  to  dive 
into  the  CLI  a  number  of  times  during  initial  setup  for  some 
of  the  basic  configuration  elements. 

LANsight  has  its  good  and  bad  sides.  Its  monitoring  sys¬ 
tem  is  well  designed.  With  only  a  few  clicks,  we  found  it 
easy  to  get  an  idea  of  who  is  logged  on,  see  their  policy  log 
them  off,  and  look  at  where  traffic  is  flowing.  Once  LAN¬ 
enforcer  is  configured,  LANsight  gives  you  a  quick  overview 
of  what  is  happening. 

The  bad  side  is  that  it’s  slow. The  problem  does  not  seem 
to  be  the  management  tool  itself,  but  the  choice  of  Adobe 

See  NAC  test  page  62 
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NaC  test 

continued  from  page  60 

Flash  for  displaying  the  GUI.  On 
our  dual-CPU,  2.3GHz  manage¬ 
ment  client,  going  from  screen  to 
screen  took  between  four  and  10 
seconds  —  just  long  enough  to 
be  frustrating. 

Where  LANsight  really  fell  down 


was  in  configuration  tasks, such  as 
the  creation,  replication  and  con¬ 
figuration  of  enforcement  poli¬ 
cies.  Because  the  whole  point  of 
these  systems  is  to  give  adminis¬ 
trators  the  ability  to  apply  better 
enforcement  to  users,  this  is  a  sig¬ 
nificant  problem.  For  example, 
suppose  you  wanted  to  define 


access  to  printers  (or  Web  servers 
or  file  servers  —  anything  you 
want  to  consider  as  an  atomic 
unit  from  the  point  of  view  of  pol¬ 
icy).  If  the  printers  are  not  all  in 
consecutive  IP  addresses,  you 
would  have  to  create  dozens  or 
hundreds  of  policies, one  for  each 
printer,  rather  than  making  a  sin¬ 


gle  policy  covering  all  printers. 
The  management  system  should 
facilitate  the  implementation  of 
the  enterprise  security  policy  not 
discourage  it. 

ConSentrys  InSight  Command 
Center  has  a  good  monitoring 
system,  with  superior  visibility 
into  what  is  happening  on  the 
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Contractor  friendly  design 

network  in  terms  of  both  security 
and  bandwidth.  With  a  Java- 
based  GUI,  we  found  its  perform¬ 
ance  to  be  snappier  overall  than 
LANsight’s. 

InSight’s  policy  configuration 
was  very  well  put  together. 
Although  the  difficulty  of  config¬ 
uring  a  firewall  with  policies  for 
every  user  seems  a  daunting  task, 
InSight  has  the  right  level  of 
abstraction  and  object-oriented 
design  to  make  it  easy  to  match 
the  configuration  with  the  policy 
we  wanted. 

Where  InSight  disappoints  is 
in  basic  human-interface  de¬ 
sign  and  in  consistency.  For  ex¬ 
ample,  when  you  click  on  some¬ 
thing,  you  may  or  may  not  see 
what  the  current  configuration 
or  properties  are  —  unless  you 
select  to  edit  that  item, and  then 
you  can  see  them  all.  But  the 
design  is  inconsistent,  and 
sometimes  you  see  details  with¬ 
out  having  to  edit  the  object. 
InSight  also  has  a  clumsy  way  of 
managing  configuration  ver¬ 
sions.  ConSentry  wanted  to  be 
able  to  define  configuration 
and  push  it  to  a  device  all  at 
once,  but  the  mechanism  to  do 
that  more  often  will  frustrate 
and  confuse,  rather  than  sim¬ 
plify  the  process. 

Conclusion 

Network  managers  looking  for 
tighter  access  control  than  the 
usual  VLAN  switching  allows, 
should  keep  ConSentry  and 
Nevis  on  their  radar  screens,  in 
addition  to  veterans  Juniper 
and  Vernier,  which  also  offer 
products  in  this  particular  NAC 
space.  ConSentry’s  LANShield 
offers  great  flexibility  in  deploy¬ 
ment  and  an  outstanding  de¬ 
sign  for  policy  management  in 
its  GUI,  although  it  has  limited 
sets  of  malware  protection. 
Nevis’  LANenforcer  brought  a 
broad  set  of  intrusion-preven¬ 
tion  capabilities  to  the  table,  but 
design  flaws  and  bugs  in  critical 
functions  made  for  disappoint¬ 
ing  test  results.  The  pace  of 
change  for  both  start-ups  is  fast 
and  furious,  and  the  issues  we 
found  in  testing  these  versions 
may  be  a  thing  of  the  past 
before  this  time  next  year.  Like 
wine  and  cheese,  both  these 
should  improve  with  age. 

Snyder  is  a  senior  partner  at 
Opus  One,  a  consulting  firm  in 
Tucson,  Ariz.  He  can  be  reached  at 
Joel.  Snyder@opus  1 .  com. 


UjTBfflW 

The  Ultimate  Tape  Format. 


LTO  ULTRIUM  TECHNOLOGY  CAN  SIMPLIFY  YOUR  BACKUP,  ARCHIVE 
AND  COMPLIANCE  CONCERNS  WHILE  REDUCING  STORAGE  COSTS. 

Is  your  data  storage  on  a  continuous  spin  cycle?  The  3rd  generation  LTO  Ultrium  technology  provides 
800GB  tape  capacity*  and  up  to  576GB  per  hour  back-up  speed*  lowering  storage  costs  while  maximizing 
productivity.  Backward  read  and  write  capabilities  allow  for  simple  implementation  and  LTO  WORM 
capability  helps  address  compliance  requirements.  Get  the  best  technology  with  more  choices  and  more 
features  from  multiple  LTO  Ultrium  drive  and  cartridge  manufacturers  offering  competitive  pricing. 

Simplify  your  storage.  Visit  www.ultrium.com 

For  a  free  white  paper — "Is  tape  really  cheaper  than  disk?" —  go  to  www.ultrium.com/whitepaper 

*2:1  compressed  data.  Linear  Tape-Open.  LTO,  the  LTO  logo,  Ultrium,  and  the  Ulttiurn  logo  are  trademarks  of  HP,  IBM  and  Quantum  in  the  US>  and  other  countries 


HP,  Symantec  SUM  wares  hit 
on  discovery,  inventory  tasks 

Both  could  use  some  work  to  deliver  more  advanced  storage  mgmt.  features. 


BY  LOGAN  HARBAUGH 

Storage  resource  management  means  many  things  to  many  people,  vendors 
and  IT  folks  alike.  In  theory  it  covers  everything  from  autodiscovering  stor¬ 
age-area  network  devices  to  alerting  and  reporting  on  enterprisewide  stor¬ 
age  trends;  from  providing  specific  inventory  control  measures  to  supplying 
comprehensive  management  for  the  entire  SAN;  from  enabling  storage 
capacity  management  to  assisting  in  information  life-cycle  management 


and  storage  provisioning  tasks. 


In  this  Clear  Choice  test  we  targeted  products  that  cover 
most  of  these  storage-management  bases  in  a  heteroge¬ 
neous  environment. To  that  end,  we  sought  to  include  the 
following  products:  Brocade’s  Fabric  Manager,  Cisco’s 
Fabric  Manager,  CA’s  StoreAge,  Commvault’s  Storage 
Manager,  EMC’s  SAN  Manager,  Hitachi’s  HiCommand 
Storage  Services  Manager,  HP’s  Storage  Essentials  Enter¬ 
prise  Edition,  IBM/Tivoli  s  Storage  Manager,  Softek’s  Storage 
Manager  and  Symantec’s  Veritas  CommandCentral  Storage. 

Only  HP  and  Symantec  took  up  the  gauntlet.  Hitachi’s 
software  runs  only  on  its  hardware,  and  company  officials 
said  they  didn’t  have  a  system  small  enough  (less  than  7U) 
to  meet  our  lab  criteria.  EMC  said  it  has  a  new  version  of  its 
product  coming  out  in  early  2007  and  may  let  us  test  that 
when  it’s  available. Commvault  said  its  product  has  more  of 
a  focus  on  backup  storage  software.  Brocade  agreed  to  par¬ 
ticipate  but  then  changed  its  mind  and  pulled  out  of  the 
test  before  sending  the  product  to  our  lab.The  rest  declined 
to  participate. 

Overall,  HP’s  Storage  Essentials  Enterprise  Edition  scored 
slightly  higher  than  Symantec’s  Veritas  CommandCentral 
Storage  to  earn  the  Clear  Choice  award,  though  the  differ¬ 
ences  between  the  two  are  slight.  HP  supports  more 
devices  on  the  SAN,  particularly  in  the  area  of  storage  from 
smaller  vendors  such  as  Xiotech  and  3Par.  HP  is  also  more 
scalable  due  in  large  part  by  its  underlying  Oracle  data¬ 
base.  Symantec  has  a  simpler  installation  process  (see 
installation  story  at  www.nwdocfinder.com/6324),  with  a 
'  ingle  product  to  install  rather  than  three, but  may  not  be  as 
scalable  in  large  installations, because  the  database  isn’t  set 
up  on  a  separate  server  (this  would  only  be  an  issue  in  very 
large  SANs).  Veritas  CommandCentral  Storage’s  ability  to 
gather  information  via  the  command-line  interfaces  of  stor¬ 
age  devices  and  switches  is  more  of  a  chore  to  configure 
but  allows  the  administrator  to  add  unsupported  devices 
by  adding  the  commands  for  those  devices  manually 
Because  both  products  are  comparable  in  starting  price  at 
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$25,000  for  Symantec’s  and  $30,000  for  HP’s,  the  biggest 
dividing  line  for  administrators  will  be  which  supports 
more  of  the  devices  in  use  at  your  organization. 

These  management  systems  are  complex.  They  comprise 
management  software  as  well  as  agents  running  on  storage 
attached  servers  with  various  operating  systems.  They 
include  a  database  for  storing  performance  statistics  on 
storage  and  SAN  utilization, and  information  on  the  number 
and  types  of  files,  as  well  as  optional  applications  that  pro¬ 
vide  services  such  as  virtualization  and  the  ability  to  collect 
data  from  enterprise  applications  such  as  Exchange  or  data¬ 
bases.  The  SANs  they  monitor  and  manage  can  be  equally 
diverse,  including  host  bus  adapters  (HBA),  Fibre  Channel 
switches,  storage  subsystems,  the  operating  systems  on  the 
servers  attached  to  the  storage,  and  possibly  even  applica¬ 
tions  accessing  the  storage.  (See  details  on  how  our  test  bed 
was  built,  www.nwdocfinder.com/6325.) 

The  Storage  Management  Initiative  Specification  (SMI-S) 
of  the  Storage  Networking  Industry  Association,  which  has 
been  adopted  as  a  standard  by  ANSI,  provides  a  universal 
interface  to  query  and  manage  SAN  devices.  But  it  has  not 
been  widely  implemented  in  new  devices,  and  older 
devices  don’t  support  it  at  all.  So  many  management  appli¬ 
cations  communicate  with  SAN  devices  through  the  APIs 
published  by  the  vendor,  which  means  that  smaller  vendors 
may  not  be  supported  by  a  given  management  application. 
In  our  test  bed,  both  management  products,  while  theoreti¬ 
cally  SMI-S  compliant,  used  their  own  switch,  storage  and 
HBA  proprietary  APIs  to  communicate  with  devices  rather 
than  using  SMI-S  queries. 

Our  testing  required  that  both  products  autodiscover  a 
SAN  comprising  a  total  of  nine  HBAs  from  QLogic  and 
Emulex,  two  QLogic  Fibre  Channel  switches,  Nexsan 
SATABlade  and  SATABeast  storage  arrays,  Windows  2000 
and  2003  servers,  and  RedHat  ES  3.0  and  4.0  and  SUSE 
Linux  10  servers.  The  IP  network  had  three  segments  in  a 
simulated  WAN  configuration  and  two  SAN  segments  using 


logical  unit  number  (LUN)  masking. 

Both  HP’s  and  Symantec’s  products  did  well  in  discover¬ 
ing  SAN  devices  and  providing  basic  inventory  of  our  SAN. 
Both  discovered  and  correctly  identified  all  the  devices  on 
the  SAN  in  less  than  a  minute. 

However,  getting  the  products  to  go  beyond  discovery 
and  supply  some  actual  management  of  the  devices  was 
bumpier.  For  example,  neither  product  would  manage  the 
Nexsan  storage  systems  to  do  tasks  such  as  creating  parti¬ 
tions,  expanding  storage  or  setting  up  LUN  masking.  Also, 
neither  was  able  to  manage  all  of  the  HBAs.  HP’s  offering 
was  unable  to  manage  the  two  oldest  QLogic  and  one  of 
the  Emulex  HBAs,  while  Symantec  was  only  able  to  man¬ 
age  five  out  of  nine  HBAs. The  point  is  to  peruse  carefully 
the  compatibility  charts  before  you  begin.  (See  those  charts 
for  HP  and  Symantec,  respectively  at  www.nwdocfind 
er  .com/6322  and  6323.) 

Both  products  require  agents  to  sit  on  Linux  systems  to 
gather  management  data  from  storage  attached  to  those 
systems.  For  storage  tied  to  Windows  systems,  agents  are 
required  to  collect  information  not  gathered  by  the 
Windows  Management  Interface,  a  built-in  tool  that  can 
gather  statistics  on,  for  example,  file-system  use  and 
throughput  of  network  devices.  The  bottom  line  is  that 
these  systems  are  much  like  network  management  sys¬ 
tems,  requiring  a  fair  amount  of  assembly  and  tuning. 

What  follows  are  the  detailed  observations  collected 
about  each  product  during  testing. 

HP's  Storage  Essentials  Enterprise  Edition 

Storage  Essentials  is  not  really  one  product,  but  a  family 
of  products.  The  Enterprise  Edition  includes  Storage 
Essentials,  Storage  Insight  Manager  (SIM),  a  software  con¬ 
nector  piece  between  the  two  pieces  of  software,  and  an 
Oracle  database  server.  Each  of  these  pieces  is  installed 
separately,  and  once  all  are  set  up,  the  whole  is  nicely  inte¬ 
grated  and  fairly  seamless  to  use. 

Discovery  is  quick  and  works  well  across  an  entire  multi¬ 
network  Windows  domain,  as  long  as  permissions  are  set 
up  correctly  Storage  Essentials  provides  detailed  visibility 
into  HBA, switch  and  storage  configuration, showing  all  the 
same  information  you’d  get  from  the  dedicated  manage¬ 
ment  utilities  provided  by  the  manufacturers,  such  as  net¬ 
work  names  and  worldwide  names  and  numbers,  port  con¬ 
nected  to,  LUN  masking  information  and  speed  of  interface 
supported  and  in  use.  The  storage-specific  information  it 
garners  included  size  of  volume,  number  of  files,  space 
used, space  free  and  types  of  files, as  a  few  examples.  It  can 
also  use  optional  application  modules  to  get  storage-relat¬ 
ed  information  such  as  the  size  of  the  database,  storage 
used  by  each  user,  or  system  latency  from  applications  such 
as  Exchange  and  a  variety  of  databases.  We  did  not  test 
these  modules. 

Storage  Essentials  can  manage  a  great  variety  of  devices 
in  many  ways.  As  long  as  you’re  not  trying  to  run  unsup¬ 
ported  devices,  you  can  have  a  single  console  for  tracking 
storage  inventory  receiving  alerts  and  conducting  manage¬ 
ment  for  the  entire  SAN. 

A  topology  view  in  the  console  gives  you  a  visual  repre¬ 
sentation  of  the  overall  SAN,  showing  interswitch  links, 
redundant  and  offline  connections,  each  device  on  the 
SAN,  how  they’re  connected  to  each  other,  with  what  kind 

See  SRM,  page  66 


With  the  ScanSafe  Web  security  team  on  your  side,  you’ll  have  an  unfair  advantage  in  the  fight  against  spyware,  viruses,  phishing 
and  other  Web-based  threats.  Blocking  malware  and  unwanted  content  before  they  reach  your  network,  our  managed  services 
eliminate  the  burden  of  managing,  maintaining  and  updating  your  in-house  security  infrastructure,  freeing  you  to  focus  on  business 
critical  IT  projects. 

Our  support  team  and  threat  experts  are  available  around-the-clock,  protecting  your  network  from  the  latest  outbreaks.  All  our 
services  are  backed  by  SLAs  that  guarantee  pure,  safe  Internet  content  at  up  to  a  40%  lower  cost  of  ownership  than  hardware 
solutions.  Let  our  managed  services  be  your  instant  Web  security  team,  helping  you  turn  the  tables  on  Web  threats  you  face  today 
and  the  new  malware  threats  of  tomorrow. 

To  learn  more  call  1-866-4-PORT-80 
Or  visit  www.scansafe.com 

Your  Web  Security  Team 
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Storage  Essentials  Enterprise  Edition 

Veritas  CommandCentral  Storage  4.3 

Vendor 

HP 

http://h18006.www1.hp.com/products/storage/ 

softtware/e-suite/index.html 

Symantec 

www.symantec.com/about/news/resources/ 

index.jsp 

Price 
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the  product  quite  scalable. 
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Install  is  more  complex. 

CLI  administrative  setup  is  complex,  but  offers 
:  potential  support  for  more  devices. 

Score 
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of  connection  (lG/2G/4Gbps  connection),  the  name  of 
each  device,  the  type  of  server  each  HBA  is  connected  to, 
and  what  type  of  switch  or  storage  is  connected.The  capac¬ 
ity  manager  tool  lets  you  view  overall  disk  space  in  use  for 
the  entire  SAN  as  well  as  direct-attached  storage  on  servers, 
and  gives  you  a  means  of  setting  alarms  for  items  such  as 
volumes  that  are  low  on  capacity  having  all  ports  in  use  on 
switches,  links  that  are  running  at  full  bandwidth  capacity 
ports,  switches  or  storage  that  have  failed  or  aren’t  respond¬ 
ing  as  quickly  as  they  should. 

The  performance  analysis  and  monitoring  tools  provide  a 
view  of  the  SAN’s  historical  trend  data  and  lets  you  set 
alarms  if  SAN  bandwidth  utilization  exceeds  thresholds  or  if 
server  queue  lengths,  memory  utilization  or  other  bench¬ 
marks  are  too  high.  The  alarms  that  we  tested  all  worked, 
and  offer  great  detail  (there  are  hundreds  of  possible  alarms 
to  set). The  HP  SIM  software  allows  you  to  set  policies  that 
will  e-mail  you  if  thresholds  are  crossed,  or  even  execute 
scripts  to  add  capacity  to  a  volume  or  limit  the  amount  of 
space  a  user  can  fill.  Scripting  is  limited  to  the  imagination 
of  the  administrator  —  any  of  the  thousands  of  manage¬ 
ment  tasks  that  can  be  accomplished  through  the  GUI  can 
be  scripted.  Basic  scripts  were  easy  and  straightforward  to 
set  up,  and  there  are  testing  tools  that  allow  you  to  see  the 
results  of  a  running  script  before  you  put  it  into  production. 

If  you  get  an  alert,  Storage  Essentials  provides  some  effec¬ 
tive  troubleshooting  tools  that  allow  you  to  discover  what 
storage  is  visible  from  a  given  server  without  having  to 
access  the  server  directly,  for  example,  reporting  on 
whether  an  EMC  storage  array  that  is  connected  to  the  SAN 
is  available  to  the  server.  Additionally,  you  can  poll  HBAs 
and  switches  to  make  sure  they  are  properly  configured 
and  operating  correctly  and  then  roll  configuration 
changes  or  software  updates  out  to  all  devices  on  the  SAN 
if  necessary  We  were  able  to  roll  out  configuration  changes 
automatically  to  the  switch  and  HBAs,  and  while  you 
would  want  to  carefully  debug  a  deployment,  the  basic 
process  is  straightforward. 

Storage  Essentials  provides  role-based  security,  giving 
lower-level  administrators  self-service  storage  in  their 
domain  without  granting  access  to  the  entire  SAN.This  fea¬ 
ture  also  lets  you  easily  transfer  administrative  rights  from 
one  administrator  to  another  without  having  to  create  new 
accounts.  Reporting  tools  are  excellent,  easy  to  use  and 
powerful.  Reports  can  include  any  of  the  thousands  of 
details  that  the  agents  collect  on  the  SAN,  from  user  statis¬ 
tics,  average  utilization  by  port  number  to  SAN  storage  uti- 
lization.You  can  organize  the  data  in  any  way  you  like  from 
columnar  text  to  fancy  bar  graphs. 

Symantec's  Veritas  CommandCentral  Storage 

Once  completely  installed,  CommandCentral  Storage 
provides  a  single  window  into  the  SAN,  giving  you  the  abil¬ 
ity  to  discover  and  manage  SAN  devices  and  file  servers,  as 
well  as  set  alerts  and  access  reporting  tools.  With  addition¬ 
al  optional  modules,  CommandCentral  Storage  can  pro¬ 
vide  in-depth  reporting  and  management  of  file  servers, 
Microsoft  Exchange,  databases  on  Linux  (not  Windows) 
and  storage  virtualization.  In  addition  to  the  Veritas  Security 
Service  logon,  which  controls  access  to  the  Veritas 
Command  Central  Storage  application  as  well  as  any  other 
Veritas  storage  applications  on  your  network,  you  can  con¬ 
figure  the  server  to  use  SSL  rather  than  HTTP  to  access  the 
system,  though  this  is  not  the  default  setting. 

Discovery  of  the  devices  on  the  SAN  and  servers  with 
agents  installed  was  quick  and  painless.  As  with  the  HP 
product,  visibility  into  detailed  configuration  parameters 
was  simply  a  matter  of  right-clicking  on  an  object  to  get 


more  details,  including  switch,  port  and  configuration  para¬ 
meters.  The  console  can  autodiscover  devices  connected 
via  Fibre  Channel  or  let  you  manually  inventory  devices 
over  an  IP  network  using  SNMPThe  autodiscovery  option 
serves  up  basic  information  on  any  SAN-connected  device 
—  for  full  information  and  manageability  you  need  to 
install  agents  on  server-connected  devices,  then  manually 
add  those  hosts  to  the  list  of  connected  servers.The  system 
will  not  autodiscover  and  add  systems  with  agents;  you 
have  to  manually  add  the  agent  host  names  to  the  list  first 
or  browse  for  available  agents  and  tell  the  console  to  con¬ 
nect  to  them.The  SNMP  method  requires  some  preliminary 
configuration,  using  the  appropriate  server  or  device 
logons  and  passwords,  which  is  not  a  limitation  of  the 
Veritas  CommandCentral  Storage  but  a  limitation  of  SNMR 
which  doesn’t  broadcast  any  information  until  after  logon. 

Once  server  agents  have  been  added  and  SNMP  config¬ 
ured, administration  of  the  SAN,  including  setting  alerts, run¬ 
ning  reports  or  managing  any  of  the  available  configura¬ 
tion  settings  on  devices  can  all  be  accomplished  easily, 
although  not  quite  as  transparently  as  with  the  HP  product. 
On  the  other  hand,  the  availability  of  SNMP  management 
allows  for  some  control  over  storage  devices  that  aren’t 
directly  supported  via  APIs.  For  example,  we  were  able  to 
manually  configure  CommandCentral  Storage  to  adminis¬ 
ter  the  Nexsan  storage  through  the  command  line  man¬ 
agement  interface  provided  by  Nexsan,  although  each 
management  command  had  to  be  entered  manually  and 
saved. This  would  only  be  useful  if  you  had  a  large  number 
of  identical  devices  on  the  SAN,  because  each  command 
for  each  device  has  to  be  saved  separately 

CommandCentral  Storage  includes  the  same  types  of 
tools  for  capacity  planning  and  historical-trend-data  gath¬ 
ering  as  HP’s  products.  You  can  gather  historical  data  on 
any  aspect  of  the  SAN  from  switch  or  port  utilization  to 
amount  of  space  free  on  a  volume,  and  see  trends  over 
time.You  can  also  set  up  policies  that  can  be  applied  across 
all  devices  of  the  same  type  (setting  up  all  switches  to  use 
1G  or  2Gbps  connections,  for  instance). 

The  variety  and  flexibility  of  reporting  tools,  trend  analy¬ 
sis  and  setting  of  alerts  is  enough  to  support  pretty  much 


any  desired  task,  including  chargeback  and  storage  report¬ 
ing  and  management.  For  instance, you  can  set  up  a  group 
containing  all  the  users  in  a  department  and  then  identify 
how  much  storage  each  department  uses,  so  that  you  can 
bill  each  department  in  the  organization  for  its  share  of  the 
cost  of  storage. 

Like  Storage  Essentials,  CommandCentral  Storage  sup¬ 
ports  role-based  administrative  user  accounts,  so  accounts 
can  be  easily  transferred  from  one  administrator  to  anoth¬ 
er.  Therefore,  one  administrator  can  be  assigned  adminis¬ 
trative  rights  over  only  the  portion  of  a  storage  array  avail¬ 
able  to  a  given  server,  for  instance,  so  that  local  administra¬ 
tors  can  handle  storage  for  their  servers  without  needing 
access  to  the  rest  of  the  SAN. 

Conclusion 

Both  of  these  products  will  appeal  to  SAN  administrators. 
Each  has  characteristics  that  an  administrator  may  consid¬ 
er  to  be  pros  or  cons,  depending  on  their  needs.  For  exam¬ 
ple,  HP’s  more  cumbersome  multiproduct  installation 
makes  initial  setup  harder,  but  the  dedicated  Oracle  data¬ 
base  can  be  run  on  a  different  system  than  the  data  col¬ 
lector,  making  the  system  more  scalable  than  the  Symantec 
system.  Likewise,  the  Symantec  system  requires  more  man¬ 
ual  configuration  to  use  SNMP  and  to  enable  management 
of  some  products,  but  this  system  also  allows  administra¬ 
tors  to  manage  systems  that  aren’t  directly  supported  via  an 
API.  HP  has  a  complex  pricing  system  that  takes  into 
account  the  number  of  devices  and  applications  managed 
and  the  number  of  terabytes  of  storage  managed,  while 
Symantec  bases  pricing  on  number  of  servers,  with  addi¬ 
tional  costs  for  some  features. 

Either  of  these  products  can  be  installed  and  configured 
to  inventory  a  SAN,  manage  devices,  send  alerts  and  create 
reports,  and  should  quickly  recoup  the  cost  of  the  software 
in  savings  of  administrator  time  over  the  old  spreadsheet 
inventory  system  and  18  management  applications. 

Harbaugh  is  a  freelance  writer  and  consultant  with  20 
years  of  systems  administration  and  testing  experience.  He 
can  be  reached  at  logan@lharba.com. 
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Wish  you  had  more  time  to  tackle  your  more  challenging  projects  —  like  compliance,  system  consolidation  and 
security?  With  Quantum's  Echelon  DX-Series  Disk  Platform,  backup  and  recovery  responsibilities  have  changed 
for  the  better.  The  DX-Series  features  capacities  from  1.2TB  to  14.4TB  for  agencies  seeking  high-speed  recovery 
and  extreme  reliability  beyond  what  a  tape-only  environment  can  deliver.  With  our  certified  service  and  support, 
including  proactive  StorageCare™  Guardian  monitoring,  you'll  be  tackling  more  career-advancing  IT  projects 
in  no  time.  To  find  out  how  Quantum's  got  you  covered,  call  866-827-1500  or  visit  us  at  www.quantum.com. 
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Tech  execs  lengthen  tenure 

Today’s  CIOs  are  sticking  around  longer  because  they  contribute  to  the  business. 


BY  LAUREN  GIBBONS  PAUL 

ood  news  for  CIOs:  Tenure  in 
the  top  IT  spot  has  lengthened 
over  the  last  few  years,  hitting 
an  average  of  3.6  years,  according  to 
a  recent  Society  for  Information 
Management  survey 

The  “State  of  the  CIO  2006”  survey  from  CIO  magazine  (a 
sister  IDG  publication  of  Network  World)  takes  an  even 
more  bullish  view,  citing  an  average  tenure  of  nearly  five 
years.  Theses  findings  are  more  optimistic  than  the  18- 
month  figure  that  was  widely  quoted  as  a  CIO’s  average 
longevity  just  a  few  years  ago. 

What’s  behind  the  longer  stays  on  the  job?  CIOs  have 
found  ways  to  extend  their  sphere  of  influence  beyond  IT, 
says  Sam  Marwaha,  a  New  York  principal  at  consultancy 
McKinsey  &  Co.  For  example,  one  of  Marwaha’s  CIO  clients 
had  extensive  work  experience  in  a  low-margin  industry 
When  he  changed  to  a  higher-margin  industry, he  took  over 
the  running  of  corporate  shared  services  (including  HR, 
procurement  and  facilities  management)  in  addition  to 
heading  up  IT.“He’s  part  of  delivering  standard  business  in¬ 
frastructure  services.That  will  lengthen  his  stickiness  to  the 
organization,”  he  says. 


(HO  tenure 

According  to  a  survey  of  500  CIOs  by  CIO 
magazine,  the  average  tenure  is  4  years,  11  months. 
Here's  how  long  the  IT  execs  have  remained  in 
their  current  positions: 

More  than  10  years  - 

9%  \ 


Less  than  two  years 

24% 


2-5  years 

35% 


5-10  years 

31% 


•  Totel  doesn't  equal 
100  because  of 
rounding. 

SOURCE:  C/O  MAGAZINE  2006 


Because  technology  is  an  integral  part  of  business  pro¬ 
cesses  and  functions,  in  many  organizations  it  is  second 
nature  for  the  CIO  to  take  ownership  of  process  improve¬ 
ment  initiatives,  such  as  Six  Sigma.“As  processes  are  based 
more  on  technology  CIOs  can  own  them.This  links  the  CIO 
much  more  tightly  to  the  business,  with  the  potential  to  have 
a  faster  impact,”  says  Paul  Wilmott,a  McKinsey  principal. 

Successful  CIOs  are  involved  outside  IT  to  such  a  degree 
today  one  wonders  if  the  role  will  endure  as  a  separate  enti¬ 
ty  Another  McKinsey  client  has  taken  over  responsibility  for 
delivering  innovation  to  the  business.  “Having  a  CEO-level 
mandate  to  drive  business  innovation  gives  an  ability  to  be 
migrated  into  the  lines  of  business, ’’Wilmott  says. Many  CIOs 
are  crossing  from  technology  into  business  lines  and  back 
again,  making  it  even  more  possible  for  them  to  communi¬ 
cate  with  their  business  counterparts,  as  well  as  to  execute 
initiatives  aligned  with  business  goals. 

When  Tom  Shelman  assumed  the  CIO  mantle  at  Northrop 
Grumman  almost  a  decade  ago,  he  had  a  strong  business 
track  record.  Northrop  had  just  acquired  Shelman’s  em- 
ployer.To  his  surprise,  the  Los  Angeles-based  global  defense 
company  offered  him  the  position  of  CIO  and  vice  presi¬ 
dent  of  technology. Though  Northrop’s  revenue  at  the  time 
was  about  $6  billion,  not  today’s  $30  billion,  Shelman  was 
overwhelmed.  Outlasting  the  industry-average  CIO  tenure 
was  not  high  on  his  radar  screen. 

“My  first  year  I  was  drinking  from  a  fire  hose.  We  had  in¬ 
dustry  downsizing  and  brutal  budget  reductions,”  Shelman 
says.  By  the  second  year,  he  felt  more  comfortable  and 
ready  to  roll  with  whatever  changes  the  job  would  bring.“lt 
hasn’t  been  the  same  job  any  two  years,”  he  says.  Shelman 
has  succeeded  in  underspending  his  IT  budget  year  in, year 
out,  even  as  the  business  has  grown  rapidly 

“Now  I  have  VPs  under  me  who  are  in  charge  of  busi¬ 
nesses  as  large  as  the  one  I  headed  when  I  became  [cor¬ 
porate]  CIO,”  says  Shelman,  who  attributes  his  longevity  in 
part  to  his  willingness  to  be  judged  alongside  every  other 
business  leader.“I  have  a  commitment  to  take  out  costs  or 
produce  increased  margin,”  he  says. 

A  shift  in  metrics 

Traditionally  CIOs  stumble  when  it  comes  to  the  metrics 
by  which  they  are  judged,  Marwaha  and  Wilmott  say  Today 
even  CIOs  at  large  companies  typically  are  measured  by 
their  ability  to  slash  IT  costs.The  only  thing  they  usually  get 
measured  on  is  the  cost  of  IT.That  s  why  [CIOs]  have  to  say 
no  to  things,”  Marwaha  says.That’s  often  the  root  of  the  dis¬ 
connection  between  IT  and  the  business.  If  CIOs’  perfor¬ 
mance  is  measured  on  such  things  as  process  improve¬ 
ment  and  number  of  business  innovations,  on  the  other 
hand,  their  worth  to  the  business  will  be  clearer. 

The  trick  is  to  reframe  the  dialog  to  deemphasize  the  im¬ 
portance  of  cost  savings  so  IT  is  measured  on  its  ability  to 
affect  the  bottom  line.“We  have  seen  CIOs  successfully  en¬ 
gaging  senior  management  and  convincing  them  they 


Tom  Shelman  has  longevity  at  Northrup  Grumman,  where  he 
has  held  the  CIO  role  for  nearly  10  years. 


should  be  measured  on  different  things,”  Marwaha  says. 

Another  factor  contributing  to  greater  stability  in  the  CIO 
position  is  the  end  of  the  last  boom-bust  cycle  at  the  end  of 
the  1990s  and  the  beginning  of  the  21st  century  “You  saw 
high  turnover  during  the  dot-com  upswing  and  down¬ 
swing.  During  the  boom  companies  thought  they  needed  a 
whole  new  animal  to  run  IT.  In  the  downturn,  they  thought 
they  needed  a  cost-based  person, ’’Wilmott  says.“Busi nesses 
have  gotten  much  smarter  on  who  they  need  in  the  job. 
There  is  an  increasing  recognition  that  IT  problems  are  dif¬ 
ficult  to  solve  overnight.” 

For  his  part, Shelman  says  he  expects  to  be  judged  on  the 
same  time  frame  as  his  business  peers.  “I’m  certainly  not 
planning  on  taking  longer  to  deliver  results  than  anyone 
else.  If  you  understand  how  technology  enables  the  busi¬ 
ness,  you  should  be  able  to  lead  the  way  on  that,”  he  says. 

Paul  is  a  freelance  writer  in  Waban,  Mass.  She  can  be 
reached  at  lauren.paul@comcast.net 
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By  2010,  the  increase  in  expense  to  power  and  cool  servers  is  projected  to  be  approximately  four  times  the 
increase  in  new  server  spending.1  The  IBM  System  x3655  Express  can  help  control  rising  energy  costs  starting 
today.  How?  It  comes  with  an  ingenious  technology  called  PowerExecutiver  which  allows  you  to  allocate 
power  to  each  server,  helping  to  optimize  and  save  you  money.2  Only  IBM  has  it.  The  x3655  is  just  one  of 
many  Express  systems  designed  for  business  performance  computing.  With  IBM,  innovation  comes  standard. 
So  why  waste  energy  on  anything  else? 


AUTOMATICALLY  PUTS 
YOUR  BUSINESS  INTO 
ENERGY-SAVING  MODE. 


IBM  System  x3655  Express 

Mission-critical  availability  and  performance  in  an  affordable  package. 


Monitor  power  consumption  and  allocate  power  where  needed  with  PowerExecutive 


64GB  maximum  low-power  DDR2  memory 


Choose  flexibility  and  robust  I/O  configuration  with  IBM  extended  I/O _ 

Featuring  the  Next-Generation  AMD  Opteron™  processor  with  AMD  PowerNow!™  technology 


Limited  warranty:  3  years  on-site3 


AMD  1 


From 


$2,359 


or  Sei/montlT 


Opteron 


'All  prices  are  IBMS  estimated  retail  selling  prices  as  ot  October  3, 2006.  Prices  may  vary  according  to  configuration.  Resellers  set  their  own  prices,  so  reseller  prices  to  end 
users  may  vary  Products  are  subject  to  availability.  This  document  was  developed  for  offerings  in  the  United  States.  IBM  may  not  otter  the  products,  teatures  or  services 
discussed  in  this  document  in  oitier  countries.  Prices  subject  to  change  without  notice  Starting  price  may  not  include  a  hard  drive,  operating  system  or  other  features. 
Contact  your  I8M  representative  or  IBM  Business  Partner  lor  the  most  current  pricing  in  your  geography.  1.  Based  on  “IDC.  'The  Impact  of  Power  and  Cooling  on  Data 
Center  infrastructure.'  Document  #201722,  May  2006^  page  six,  which  highlights  that  a  rapidly  rising  server-installed  base  is  projected  to  drive  an  increase  in  the  cos!  ol 
power  and  cooling  over  the  next  five  years  2.  PowerExecutive  can  help  save  power  during  periods  ol  lower  utilization.  3.  IBM  hardware  products  are  manufactured  Irom 
new  parts,  or  new  and  serviceable  used  parts.  Regardless,  our  warranty  terms  apply.  Telephone  support  may  be  subject  to  additional  charges.  For  on-site  labor.  IBM  will 
attempt  to  diagnose  and  resolve  the  problem  remotely  before  sending  a  (ecnniciari.  On-site  warranty  is  available  only  for  selected  components  •)  IBM  Global  Financing 
Offerings  are  provided  through  IBM  Credit  iLC  in  the  United  States  and  other  IBM  subsidiaries  and  divisions  worldwide  to  qualified  commercial  arid  government  customers 
Monthly  payments  provided  are  for  planning  purposes  only  and  may  vary  based  on  your  credit  and  other  factors.  Lease  offer  provided  is  based  on  a  FMV  lease  of  36  monlhly 
payments  Other  restrictions  may  apply.  Rates  and  ottenngs  are  subied  to  change,  extension  or  withdrawal  without  notice.  Information  about  non-IBM  products  Is  obtained 
Irom  the  manutacturers  of  those  products  or  their  published  announcements.  IBM  lias  not  tested  those  products  and  cannot  conlirm  the  performance,  compatibility  or  any 
other  claims  related  to  non-IBM  products.  Questions  on  tlie  capabilities  ol  non-IBM  products  should  be  addressed  to  the  suppliers  of  those  products.  IBM.  the  IBM  logo 
and  PowerExecutive  are  trademarks  or  registered  trademarks  ol  international  Business  Machines  Corporation  in  the  United  Slates  and/or  other  countries.  AMD,  the  AMD 
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of  others  ©2006  IBM  Corporation.  All  rights  reserved 


WHY  WAIT? 

PAY  $0  FOR  THE  NEXT  3  MONTHS. 

Get  the  System  x3655  Express 
now  and  defer  payment  for  the 
next  3  months. 

Learn  more  at: 
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Current  sniffer  can't  keep  up? 


Clear  out  problems  with  Observer  1 1 .  Now  with  enterprise-strength  VoIP  analysis.  Includes  enhanced  VoIP  troubleshooting, 
integrated  NetFlow  and  sFlow®  support,  MultiHop  Analysis,  and  64-bit  Windows  scalability.  It's  time  to  reset  your  analyzer. 


Wired  to  wireless.  LAN  to  WAN.  One  network  -  complete  control. 

US  &  Canada  UK  &  Europe 

toll  free  800.526.5958  +44  (0)  1959  569880 

www.networkinstruments.com/analyze 


enhanced  VoIP  support 

~ 


OBSERVER' 


RELAX.  YOU’RE  IN  CONTROL  NOW. 

Manage  remote  offices  from  wherever  you  are. 

Secure  your  Data  Center.  No  software  licensing  fees. 
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4:  UltraLink™ 


Digital  KVM  IP 


State  of  the  art  security 

Dependable,  Powerful,  Secure,  Guaranteed 

24/7  Mission  Critical  Reliability 
Industry  Best  Video 
USB,  PS/2,  Serial  Support 
Single,  Dual,  Quad  Models 


Digital  KVM  IP 
Switches 

Switch  &  control  l,OOOs 
of  computers  &  network 
devices  over  IP 
Advanced  Security 
High  resolution 
On-screen  menu 
USB,  PS/2,  Sun,  Serial 


Multi- platform 
KVM  switches 

Switch  &  control  l,OOOs  of 
computers  and  network 
devices 

Advanced  Security 
High  resolution 
On-screen  menu 
USB,  PS/2,  Sun,  Serial 


KVM  Extenders 

Extends  keyboard,  video, 
and  mouse  signals  up  to 
33,000  feet 

fiber,  CATx 
DVI,  VGA,  High  Res. 
PS/2,  USB,  Sun 
Audio,  Serial 


KVM  Rack  Drawers 


The  most  efficient  way  to 
organize  your  server  room. 

1U  or  2U 

15",  17",  19"  or  20" 
VGA,  DVI 
PS/2,  USB,  or  Sun 
Touchpad  or  Trackball 


Panel  Mount  LCD 


Mounts  vertically  in  a 
standard  19"  rack. 

15",  17",  19"  20",  or  23" 

VGA,  DVI,  S-Video 
Optional  Touchscreen 
Optional  Built-in  KVM  Extenders 


ROSE  US 
ROSE  EUROPE 
ROSE  ASIA 
ROSE  AUSTRALIA 


281  933  7673 
+44  (0)  1264  85057 
+65  6324  2322 
+617  3388  1540 


www.rose.com 

281  933  7673  800  333  9343 

ROSE  ELECTONICS  10707  STANCUFF  ROAD  -  HOUSTON,  TEXAS  77099 
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NetSupport  Manager 
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Maximum  Control.  Minimum  Effort. 

Due  to  a  diverse  range  of  platforms,  computers  and  mobile  devices  in  use  across 
today's  corporate  environments,  providing  effective  remote  support  can  prove  to 
be  a  bit  of  a  headache.  That's  why  NetSupport  Manager  (NSM)  vl  0  is  not  your 
typical  PC  Remote  Control  solution. 

Aside  from  offering  class  leading  PC  Remote  Control  and  monitoring  functionality, 
NSM  provides  extensive  multi-platform  support,  including  Windows,  Linux,  Mac, 
Solaris  and  Windows  Mobile  as  well  as  supporting  real-time  inventory  and 
management  tools. 


So  if  you  need  to  focus  on  more  than  just  your  standard  PC  desktops  take  a  look  at 
NSM  and  see  how  it  can  give  you  the  full  picture. 
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For  more  information  and  to  download  a  free  trial  copy 
VISIT: 

www.netsupportmanager.com 


sales@netsupport-inc.com 


770-205-4456 


www.netsupport-inc.com 
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WELCOME  TO  THE  FUTURE  OF  DATA  CENTERS  :  HIGH  DENSITY  HOSTING,  INC. 


<a: 


Efficiently  aggregate  full-duplex  data  into 
your  analysis  or  security  device. 


Hi® 

Buffer  options: 


•  Stream  into  two  different  devices 

•  Rack  mount  up  to  three  across 

•  Supports  ail  commercial  analysis  systems 

•  Also  works  with  open-source  tools 

Learn  more.  Visit  www.networkTAPs.com, 


256  MB . $1,495 

512  MB . $1,995 


i«  TAP 


TM 


Choose  from  a  variety  of  configurations,  options,  and  pricing.  Plus  a 
complete  line  of  copper  and  optical  /iTAPs  for  full-duplex  analyzer  systems. 
Free  overnight  delivery* 

www.networkTAPs.com  •  1-866-GET-nTAP 


F€  C€ 


‘Free  overnight  delivery  on  all  U.S.  orders  over  $295  confirmed  before  1 2  p.m.  Central  Time. 
©  2006  Network  Instruments,  LLC.  nTAP  and  all  associated  logos  are  trademarks  or  registered  trademarks  of  Network  Instruments,  LLC. 
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FEATURING  UP  TO  20KW  PER  RACK  OF 


LIQUID  COOLING 


THAT’S  JUST  PLAIN  COOL 


The  Typical  Data  Center  can  only  cool  3KW  per  rack,  however  HiDHo  can 
provide  up  to  20KW  of  cooling  and  the  necessary  power  to  support  the 
Highest  Density  Rack  Mounted  equipment.  This  is  accomplished  by  using 
APC  InfrastruXure™  equipment  which  returns  all  heated  air  directly  back  to 
the  Liquid  Cooled  CRAC  units.  Keeping  up  to  20KW  per  rack  at  a  frosty 
level  is  nothing  to  sneeze  at! 


Grab  a  scarf  and  visit  our  facility.  It  is  a  quick  and  easy  experience  -  just 
call  678-498-4567  or  email  sales@hidho.com  for  a  free  consultation.  Isn't 
it  time  you  store  your  company's  irreplaceable  data  in  the  coolest  place 

around?  Visit  HiDHo  online 
or  in  person  and  see  why 
this  is...  Just  Plain  Coo!, 


678.498.4567  :  WWW.HIDHO.COM  :  LOCATED  IN  ALPHARETTA,  GA 


m  HiDHo 
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High  Density  Hosting,  Inc 


SENSAPHONE® 


Monitor  everything  that  threatens  your  data  center, 
and  Know  Everything. 

To  learn  more  visit  Or  call  toll  free 

www.ims-4000.com  877-373-2700 


•  She’s  tracking  ENVIRONMENTAL  THREATS  like 
temperatures,  power  failures,  water  on  the  floor,  smoke,  fire, 
and  more. 


•  She’s  checking  NETWORK  CONNECTIVITY 
and  SERVER  RESPONSE. 


Video 


r- 

Motion 


Temperature 


Humidity 


Water 
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Smoke 


•  She’s  watching  PHYSICAL  SECURITY  with  video,  motion, 
and  door  switches. 


The  IMS-4000  is  a  scaleable,  stand  alone. 
Infrastructure  Monitoring  System  with  data 
trending,  instant  notification,  integrated 
battery  backup,  and  redundant  communi¬ 
cation  paths  for  maximum  reliability. 


Instantly  Search  Terabytes  of  Text 


Contact  dtSearch  for 
fully-functional  evaluations 


The  Smart  Choice  for 
Text  Retrieval®  since  1991 


♦  over  two  dozen  indexed,  unindexed, 
fielded  data  and  full-text  search  options 

♦  highlights  hits  in  HTML,  XML  and  PDF, 
while  displaying  links,  formatting  and 

♦  converts  other  file  types  (database, 
word  processor,  spreadsheet,  email 
and  attachments,  ZIP,  Unicode,  etc.)  to 
HTML  for  display  with  highlighted  hits 

♦  Spider  supports  static  and  dynamic 
Web  content,  with  WYSWYG 
hit-highlighting 

♦  API  supports  .NET/. NET  2.0,  C++,  Java, 
SQL  databases.  New  .NET /.NET  2.0 
Spider  API 

dtSearch®  Reviews 


♦  "Bottom  line:  dtSearch  manages  a 
terabyte  of  text  in  a  single  index  and 
returns  results  in  less  than  a  second" 

-  InfoWorld 

♦  "For  combing  through  large  amounts 
of  data,  dtSearch  "leads  the  market" 

-  Network  Computing 

♦  "Blindingly  fast"-  Computer  Forensics: 
Incident  Response  Essentials 

♦  "Covers  all  data  sources  ...  powerful 
Web-based  engines"  -  eWEEK 

♦  "Searches  at  blazing  speeds" 

-  Computer  Reseller  News  Test  Center 

♦  "The  most  powerful  document  search 
tool  on  the  market"-  Wired  Magazine 

For  hundreds  more  reviews  —  and 
developer  case  studies  —  see 
www.dtsea  rch  .com 


1-800-IT-FINDS  •  www.dtsearch.com 


Start  with  the  right  rack, 
and  you  can't  go  wrong. 

Get  the  seamlessly  integrated,  fully  compatible  NetShelter®  rack  system  from  APC. 


APC,  the  name  you  trust  for  power  protection,  also 
offers  a  comprehensive  line  of  non-proprietary  racks, 
rack  accessories  and  management  tools  that  ensure 
the  highest  availability  in  a  multi-vendor  environment. 
With  APC's  racks,  accessories,  and  management  tools, 
you  can  design  a  comprehensive  rack  solution  that 
meets  your  availability  needs  for  today  and  that  easily 
scales  up  for  tomorrow. 


Contact  APC  today  and  protect  your  rack  application 
with  Legendary  Reliability. 


P  =  Power  C  -  Cooling  =  Racks 


NetShelter  is  completely 
compatible  with  APC's 
award-winning  InfraStruXure® 
architecture,  allowing  you  to 
add  rack,  power  and  cooling 
on  a  scalable  as-needed  basis. 


Need  assistance?  Our  expert  Configure-to-Order 
Team  can  custom  tailor  a  complete  rack-mount 
solution  that  suits  your  specific  requirements. 


HP/COMPAQ  •  SUN  < 


GUARANTEED 

COMPATIBILITY 


DELL  •CISCO*  LUC 


The  NetShelter®  SX  is 
vendor  neutral  and  carries 
the  "Fits  like  a  Glove" 
compatibility  guarantee. 


NetShelter®  SX  starts  at  $1150 
Rack  enclosures  with  advanced  cooling,  power  distribution,  and 
cable  management  for  server  and  networking  applications  in 
IT  environments. 

•  Integrated  rear  cable  management  channels  allows  easy 
routing,  management  and  access  to  large  numbers  of  data  cables. 
•3000  lbs.  weight  capacity 

•  Vendor  neutral  mounting  for  guaranteed  compatibility 

•  Toolless  mounting  increases  speed  of  deployment 

Rack  PDU  starts  at  $89.99 

Power  distribution  that  remotely  controls  power  to  individual 

outlets  and  monitors  the  aggregate  power  consumption. 

•Switched,  Metered,  and  Basic  models  available 
•Includes  horizontal-,  vertical-,  and  toolless-mount  varieties. 

•Puts  power  in  the  racks  near  the  equipment  where  it  is  needed  most. 

•  Wide  range  of  input  and  output  connections  from  Single-phase 
to  3-phase. 

Cable  Management  starts  at  $29.99 
Comprehensive  selection  of  accessories  designed  to  organize 
power  or  data  cables  within  a  rack  environment. 

•Eliminates  clutter  and  cable  stress. 

•OU  of  rack  space  with  the  vertical  cable  organizer. 

•Quick-release  tabs,  toolless  mounting. 

Rack-mount  Keyboard  Monitor  starts  at  $1550 
I U  rack-mountable  integrated  keyboard,  monitor  and  mouse. 

•15"  or  17"  ultra-thin,  LCD  monitor  with  integrated  keyboard. 

•Ease  of  installation  minimizes  support  and  maintenance  costs 
ensuring  lower  cost  of  ownership. 

•Can  be  used  in  a  variety  of  IT  environments  from  computer  rooms 
to  large  data  centers. 

Blanking  Panels  starts  at  $39.99 

Designed  to  improve  cooling  efficiency  by  preventing  air  recirculation 

within  an  enclosure. 

•  Occupies  1U  of  rack  space. 

•  Vertical  mounting  rails  with  square  holes. 

•Toolless  mounting. 

NetBotz®  Security  and  Environmental  starts  at  $889 
Protecting  IT  assets  from  physical  threats. 

•  Visual  monitoring  of  all  activities  in  the  data  center  or  wiring  closet 

•  Third-party  monitoring  via  dry-contacts,  SNMP  IPMI,  0-5V  and  4-20mA 
•User-configurable  alarm  and  escalation  policies 

•  Temperature,  humidity,  and  leak  detection 


Legendary  Reliability® 


©2006  American  Power  Conversion  Corporation.  All  rights  reserved. 

NetBotz  and  NetShelter  are  registered  trademarks  of  American  Power  Conversion  Corporation.  132  Fairgrounds  Road,  West  Kingston,  Rl  02892  USA  AX4A6BFNAM 


74  •  www.networkworld.com  •  12.4.06 


M  Sales  Offices 


New  York/New  Jersey 

Tom  Davis,  Associate  Publisher,  Eastern  Region 
Elisa  Della  Rocco,  Regional  Account  Director 
Agata  Joseph,  Sr.  Account  Coordinator 
Internet:  tdavis,  elisas,  ajoseph@nww.com 
(201)  634-2300/FAX:  (201)  634-9286 

Northeast 

Elisa  Della  Rocco,  Regional  Account  Director 

Internet:  elisas@nww.com 

(508)  460-3333/FAX:  (508)  460-1237 

Mid-Atlantic 

Jacqui  DiBianca,  Regional  Account  Director 
Internet:  jdibian@nww.com 
(610)  971-1530/FAX:  (610)  975-0837 


M is 

IP 


Midwest/Central 

Tom  Davis,  Associate  Publisher,  Eastern  Region 
Agata  Joseph,  Sr.  Account  Coordinator 
Internet:  tdavis,  ajoseph@nww.com 
(201)  634-2314/FAX:  (201)  712-9786 

Southeast 

Don  Seay,  Regional  Account  Director 

Internet:  dseay@nww.com 

(404)  504-6225/FAX:  (404)  504-6212  

Northern  California/Northwest 

Sandra  Kupiec,  Associate  Publisher,  Western  Region 

Karen  Wilde,  Regional  Account  Director 

Vanessa Tormey,  Regional  Account  Director 

Jennell  Hicks,  Regional  Account  Director 

Jennifer  Hallett,  Account  Coordinator 

Cyril Talusan,  Account  Coordinator 

Internet:  skupiec,  kwilde,  vtormey,  jhicks,  ctalusan, 

jhallett@nww.com 

(510)  768-2800/FA X:  (510)  768-2801 

Southwest/Rockies 

Becky  Bogart,  Regional  Account  Director 
Internet:  bbogart@nww.com 
(949)  250-3006/FAX:  (949)  833-2857 

Online/Integrated  Solutions 

Kevin  Normandeau,  Exec.  Vice  President/General  Mgr.,  Online 
Susan  Cardoza,  Associate  Publisher,  Online 
Stephanie  Gutierrez,  Online  Account  Manager 
Debbie  Lovell,  Online  Account  Manager 
Kate  Zinn,  Online  Account  Director 
Denise  Landry,  Account  Coordinator 
LisaThompson,  Account  Coordinator 
Internet:  knormandeau,  scardoza,  sgutierrez,  dlovell, 
kzinn,  dlandry,  lthompson@nww.com 
(508)  460-3333/FAX:  (508)  861-0467 


MARKETPLACE/EMERGING  MARKETS 

Enku  Gubaie,  Manager  of  Marketplace/Emerging  Markets 
Chris  Gibney,  Sales  Operations  Coordinator 
Internet:  egubaie,  cgibney@nww.com 
(508)  460-3333/FAX:  (508)  460-1192 


UL 


"7 


l\ 


■  Network  World,  Inc. 

118Turnpike  Road,  Southborough,  MA  01772 
Phone:  (508)  460-3333 

TO  SEND  E-MAIL  TO  NWW  STAFF 

firstname_lastname@nww.com 

Evilee  Ebb,  CEO/Publisher 
John  Gallant,  President/Editorial  Director 
W.  Michael  Draper,  Chief  Operating  Officer 
Eleni  Brisbois,  Administrative  Planning  Manager 

FINANCE 

Mary  Fanning,  Vice  President  Finance 

Paul  Mercer,  Finance  Manager 

Betty  Amaro-White,  Event  Finance  Manager 

HUMAN  RESOURCES 

Eric  Cormier,  Human  Resources  Manager 

MARKETING 

Donna  Pomponi,  Director  of  Marketing 
Barbara  Sullivan,  Senior  Research  Analyst 
Cindy  Panzera,  Marketing  Designer 

PRODUCTION  SERVICES 

Greg  Morgan,  Senior  Director,  Production  Services 
Karen  Wallace,  Quality  Assurance  Specialist 
JamiThompson,  Sr.  Production  Coordinator 
VeronicaTrotto,  Online  Operations  Coordinator 
Jane  Wilbur,  Online  AdTraffic  Coordinator 
Maro  Eremyan,  Advertising  Coordinator 

CIRCULATION 

Richard  Priante,  Senior  Director  of  Circulation 
Judy  Cloutier,  Membership  Services  Specialist 

RESEARCH 

Ann  MacKay,  Research  Director 

DISTRIBUTION 

Bob  Wescott,  Distribution  Manager/(508)  879-0700 
IDG  LIST  RENTAL  SERVICES 

Amy  Bonner,  Account  Executive 

P.O.  Box  9151,  Framingham,  MA  01701-9151 

Toll  free:  (800)  434-5478  ext.  6026/Direct:  (508)  370-0826 

Fax:  (508)  370-0020 

SEMINARS,  EVENTS  AND  IDG  EXECUTIVE  FORUMS 

Neal  Silverman,  ExecutiveV.  R,  Events  &  Executive  Forums 

Andrea  D'Amato,  Sr.  National  Sales  Director 

Mike  Garity,  Sr.  Director,  Marketing  &  Bus.  Development 

Dale  Fisher,  Director  of  Operations 

Jennifer  Sand,  Regional  Account  Director 

Mike  McGoldrick,  Regional  Account  Director 

Grace  Moy,  Regional  Account  Manager 

Leilani  Hammock,  Event  Sales  Representative 

Karen  Bornstein,  Account  Executive 

Debra  Becker,  Dir.,  Marketing  &  Audience  Development 

Sara  Nieburg,  Senior  Marketing  Manager 

Buster  Paris,  Marketing  Specialist 

Cassandra  Valentine,  Registration  &  Customer  Service  Mgr. 
Caroline  Keough,  Event  Planner 
Jacqueline  DiPerna,  Senior  Event  Coordinator 
Christina  Spano,  Event  Coordinator 

ONLINE  SERVICES 

Kevin  Normandeau,  Exec.  Vice  President/General  Mgr.,  Online 

Dan  Gallagher,  Sr.  Director,  Audience  Development 

TerryAnn  Fitzgerald,  Product  Marketing  Director 

Mary  Mclntire,  Sr.  Manager,  Audience  Development 

Adam  Gaffin,  Executive  Editor,  Online 

Jason  Meserve,  Multimedia  Editor 

Sheryl  Hodge,  Associate  Online  News  Editor 

Chrystie Terry,  Manager  of  Online  Audience  Development 

CLIENT  SERVICES 

Sharon  Stearns,  Director  of  Client  Services 

Frank  Coelho,  Client  Services  Manager 

Leigh  Gagin,  Client  Services  Manager 

Jennifer  Moberg,  Client  Services  Manager 

Cheryl  Butterfield,  Client  Services  Manager 

Judy  Schultz,  Design  Manager 

Deborah  Vozikis,  Online  Design  Manager 

INFORMATION  SYSTEMS 

W.  Michael  Draper,  Chief  Operating  Officer 

Tom  Kroon,  Director  of  Systems  Development 

Anne  Nickinello,  Senior  Systems  Analyst 

Puneet  Narang,  Manager  of  DatabaseTechnologies 

William  Zhang,  Senior  Software  Engineer 

Manav  Sehgal,  Senior  Software  Engineer 

Jason  Croci,  Web  Application  Developer 

Mike  Guerin,  Manager  of  ProductionTechnologies 

Prashanth  Menon,  Database  Support  Specialist 

Rocco  Bortone,  Director  of  Network  IT 

Peter  Hebenstreit,  Senior  Network/Telecom  Engineer 

Brian  Wood,  Senior  Systems  Support  Specialist 

David  Mahoney,  Systems  Support  Specialist 

BUSINESS  SERVICES 

Mark  Anderson,  Business  Services  Manager 
Linda  Cavanagh,  Business  Services  Administrator 


IDG 

Patrick  J.  McGovern,  Chairman  of  the  Board 
,  Bob  Carrigan,  President,  IDG  Communications 

Network  World  is  a  publication  of  IDG,  the  world's  largest 
I  publisher  of  computer-related  information  and  the  leading 
f  global  provider  of  information  services  on  information  tech- 
I  nology.  IDG  publishes  over  300  computer  publications  in  85 
countries.  One  hundred  million  people  read  one  or  more  IDG 
publications  each  month.  Network  World  contributes  to  the 
IDG  News  Service,  offering  the  latest  on  domestic  and  inter¬ 
national  computer  news. 


■cs 


NETWORKWORLD 

■  Editorial  Index 


Advanced  Mir.rn  Devines 

16 

Hitachi 

64 

Red  Hat 

20.  28.  64 

Aleatel-I  nr.ent 

6 

HE 

6 

14.  20,  24.  64,  76 

Revivin 

24 

Alltp.l 

6 

■  1 

Rivermine 

34 

Annie 

1.6 

IRM 

5 

14.  20.  24.  56.  64 

■  s 

AT&T  1.6.22.34.57 

Internet 

_ 22 

ServGate 

24 

A711I  Systems 

16 

Intel 

5,  8.10,14.16 

Snftek 

64 

■  B 

iPass 

22 

Sonic.Wall 

24 

RMC  Software 

56 

■  J 

Sprint 

6.  22.  40.  57 

Rrnr.ade 

64 

Juniper 

10.  24.  28,  58 

Storac.tive 

24 

■  G 

■  L 

Sun 

16.  20.  28 

CA  20.  24.  56.  64 

1  evel  3 

_ 6 

Symantec 

8.  16.  20.  24.  64 

Check  Point 

10,  24  60 

1  iquid  Machines 

12 

Svmnhonv  Snend  Mamt. 

34 

CiRBA 

20 

■  M 

Cisco  1.22.28.30.60.64.76 

McAfee 

26 

3Com 

24 

Cnlasnft 

40 

MCI 

22 

3Par 

64 

Cnmmvanlt 

64 

M  ic.rosof  t 

1 

20  24.  36.  40.  78 

Tangnp. 

36 

CnnSentry  Networks 

58 

■  N 

TeleNav 

40 

Crnssheam 

24 

NEC 

22 

T-Mohile 

52 

Cryptolex  Trust  .Systems 

12 

Network  Anolianc.e 

8,  24 

■  V 

■  D 

Nevis  Networks 

58 

Vancn 

22 

Hell 

6,  14.  28 

Nexsan 

64 

Verizon 

6, 

34.  40.  57 

■  E 

Nortel 

24 

Via  Technologies 

5 

FMC 

6,  24.  64 

Novell 

8,  20 

Virtela  Communications 

22 

Fmulex 

64 

■  0 

VMware 

20  78 

■  F 

Ops  ware 

20,  56 

Vyatta 

28 

Fair  Isaac. 

12 

■  P 

■  w 

Fiherlink 

22 

Parallels 

28 

Watc.hRuard 

24 

Foundry  Networks 

22 

Prnfitl  ine 

34 

■  X 

F-SfiC.ij.re 

2Q 

■  Q 

Xintech 

64 

■  G 

OI  ogio 

_ 64 

X-Tek  Systems 

26 

Good  Technology 

40 

Quickcomm 

34 

Xy7el 

24 

Advertiser  Index 


Advertiser 


URL 


AT&T 

25 

79 

73 

19 

13 

37 

dtSearch 

79 

www.dtsp.arch.  com 

FMC  Corp 


21 


www.FMG.com 


Fluke  Networks 


38  www.flukenetwnrks.com/APM 


Fluke  Networks 


46-47  www.flukenetworks.cQm/48hcs 


ijuanrum  i.orp 

Rose  Fleet rnnics 

_ 

zo 

www.quanium.cQm 

65 

44 

Sensa phone 

79 

www.ims-4f)nn.cnm 

Siemens 

48-49 

www.siemens.com/us/npen 

54 

StinGard  77 

Transition  Networks  Inc. 

55 

63 

Wehsense 

9 

www.wehsense.com/seci  irity 

Foundry  Networks.. 


35 


.  .www.fQundrynet.CQm/sie 


Gateway 


-15-w.ww.gateway.cQm/prQgrams/servers 


Hewlett  Packard 


4L 


.  www.YQuAlwaysHadlt.com/cQQl4 


Hewlett  Packard 


fi]www.hp.CQm/gQ/pr.Q.curve/CERN3 


High  Density  Hosting. Inc  . 


JZ2 


www.hidhQ.CQm 


IBM  Corp 


U ihm.com/systems/innovate70 


IBM  Corp 


29 ibm.com/takebackcontrQl/prQactive 


IBM  Corp 


31  ihm  rom/takehackcontrol/info 


59 

.  23 

52-53 

4 

62 

L 

Microsoft  Corp 

2-3 

17 

43 

NEC 

50-51 

NetApp 

sn 

Netcorriia 

54 

Net  Support  Inc 

71 

Network  Instruments  1  1  C 

72 

18 

Oracle  Corp 

59 

QfadB.com/databasfi 

Network  World  - 

www.networkworld.com 

AMD 

Liebert 

AT&T 

Memory  Store.com 

Adventnet 

Microsoft 

Belden 

NEC  Unified  Solutions 

Bountiful 

Nextel 

CDW 

Nortel 

Cingular  Network 

Okidata 

Citrix 

Opalis  Software 

Communigate 

Racketeer  Inc 

Dell 

Raritan  Computer  Inc. 

Digi  International 

Riverbed  Technology 

EMC 

Secure  Computing 

Entrust 

Server  Technologies 

Fleishman-Hillard 

Sony 

Hewlett  Packard 

Sophos 

IBM 

Sun  Microsystems 

Jumper 

Trapeze 

These  indexes  are  provided  as  a  reader  service.  Although  every 
effort  has  been  made  to  make  them  as  complete  as  possible,  the 
publisher  does  not  assume  liability  for  errors  or  omissions. 

"Indicates  Regional  Demographic 


NetworkWbrkf 

Events  and  Executive  Forums 


Network  World  Events  and  Executive 
Forums  produces  educational  events 
and  executive  forums  worldwide, 
including  our  one  day  Technology  Tours, 
customized  on-site  training,  and  executive  forums  such  as  DEMO®, 
DEMOmobile®,  and  VORTEX,  as  well  as  the  DEMOIetter  and  VORTEX 
Digest  newsletters.  For  complete  information  on  our  current  seminar 
offerings,  call  us  at  800-643-4668  or  go  to  www.networkworld.com/events. 


Publicize  your  press  coverage  in 
Network  World  by  ordering  reprints  of 
your  editorial  mentions.  Reprints 
make  great  marketing  materials  and 
are  available  in  quantities  of  500  and 
up.  To  order,  contact  Reprint 
Management  Services  at  (717)  399- 
1900  x128  or  E-mail:  networkworld@reprintbuyer.com. 


I  DC  IT  FORUM  &  EXPO 


Learn  from  your  peers  and 
industry-leading  experts  from 
these  organizations: 

•  Autonomy 

•  Avis  Budget 

•  Citizens  Financial  Group 

•  CompuCredit 

•  Dell 

•  Dun  &  Bradstreet 

•  FFF  Enterprises 

•  Fujitsu 

•  HSBC 

•  I  DC 

•  Mass  e-Health  Collaborative 

•  MassPro 

•  Motorola 

•  Rockford  Health  System 

•  Sunbeam  Products 

•  Sunoco 

•  The  Williams  Companies 

•  TRW  Automotive 

•  Wachovia 

•  Western  Georgia  Health  System 

•  Xerox 

Customize  your  conference 
agenda  by  choosing  sessions 
from  these  tracks: 

►  Applications 

►  Services 

►  Enterprise  Infrastructure 

►  Information 
Management 

►  Financial  Services 

►  Healthcare 

►  Manufacturing 


miDC 

Analyze  the  Future 


Be  there  when  IT  innovation  &  business  transformation  take 
center  stage  at  the  2nd  Annual  IDC  IT  Forum  &  Expo. 
Always  a  content-rich,  solutions-oriented  agenda  so  you 
can  make  the  best  decisions  for  your  business. 

■  Learn  how  leading-edge  global  organizations  are  using  IT  to  transform 
their  business  -  choose  from  over  35  end-user  case  studies 

■  Optimize  resources,  increase  efficiency,  lower  costs  -  Multiple  tracks  offer 
extensive  coverage  on  the  most  critical  issues  impacting  IT  and  business 

■  What  shifts  are  occurring  in  the  IT  and  business  landscape  and  how  will 
they  impact  your  organization?  Gain  key  insights  on  how  to  handle  the 
opportunities  and  challenges  ahead  during  four  visionary  keynote  sessions 

■  Two  workshops  on  Negotiation  Skills  and  The  Leadership  Skills  Needed 
to  Become  the  CIO  of  the  Future 

■  Become  the  CIO  of  the  future  -  join  over  1 00  leading  CIOs  at  our 
exclusive,  invitation-only  CIO  Summit 

■  See  the  latest  technologies  in  action  on  the  Exhibit  Floor  to  make  your 
educated  purchasing  decisions 

CONFIRMED  KEYNOTES: 

JOHN  KOTTER, 

Leadership  Expert,  Author, 

Our  Iceberg  is  Melting  & 

Harvard  Business  School  Professor 

CONFIRMED  SPONSORS: 

*  cP 

Autonomy  C  D^LL  FUJITSU 

Contact  Elizabeth  Cutler  at  508.935.4790  or  ecutler@idc.com  for  sponsorship  information 


JOHN  F.  GANTZ, 

Chief  Research  Officer,  IDC 


Exclusive  offer  to 
NWW  subscribers 

Register  now  at 
special  $495  rate 

at  www.idclTexpo.com  and 
enter  code  NWWITF07  in 
the  "promotion  code"  field. 

Offer  expires  December  31,  2006. 


76  •  www.networkworld.com  •  12.4.06 


Ancient  calculator  secrets  revealed 

Researchers  re-imagine  the  mysterious  Antikythera  Mechanism. 


BY  JOHN  COX 

Advanced  imaging  software 
and  3-D  X-ray  tomography  have 
let  scientists  finally  create  the 
most  detailed  reconstruction  yet 
of  a  2,100-year-old  astronomical 
calculator. 

The  latest  research  of  the 
Antikythera  Mechanism  shows  it 
to  be  a  highly  sophisticated  cal¬ 
culator  that  could  add,  subtract 
and  divide  by  means  of  a  com¬ 
plex  and  ingenious  arrangement 
of  37  bronze  gears.  The  gear  train 
moved  a  set  of  pointers  on  dials  to 
accurately  show  the  changing 
positions  of  the  sun  and  moon 
(with  its  phases),  and  quite  possi¬ 
bly  of  the  planets,  and  to  predict 
solar  and  lunar  eclipses. 

Researchers  now  date  its  cre¬ 
ation  slightly  earlier  than  previ¬ 
ously  thought:  between  100  and 
150  B.C. 

One  of  the  key  new  findings  is 
the  discovery  that  the  device 
mechanically  reproduces  the 
mathematics  developed  by  the 
great  second-century  B.C.  astron¬ 
omer  Hipparchus  to  account  for 
the  irregular  movement  of  the 
moon  through  the  heavens. 

“This  is  a  mechanical  reproduc¬ 
tion,  by  means  of  a  clever  [pin- 


New  3-D  X-rays,  such  as  this  one, 


of  the  Antikythera  Mechanism  have 
let  researchers  finally  piece 
together  how  the  2,100-year-old 
astonomical  calculator  worked, 
and  decipher  its  purpose. 

and-slot  arrangement  in  the 
gears]  of  the  so-called  first  lunar 
anomaly  in  Hipparchus’  lunar  the¬ 
ory’  says  Francois  Charette,  a  re¬ 
searcher  with  the  Department  of 
the  History  of  Science,  Ludwig- 
Maximilian  University,  Munich, 
Germany  Charette  authored  an 
assessment  of  the  new  research  in 
a  story  published  in  the  current 
issue  of  the  journal  Nature. 

“This  means  that  the  pin-and- 
slot  device  makes  the  pointer  for 
the  moon  on  the  front  dial  move 


at  varying  speed,  following  (in 
modern  terms)  a  mathematical 
function  that  resembles  more  or 
less  a  sine  curve,”  Charette  says. 

The  research  team  speculates 
that  Hipparchus,  who  lived  from 
about  140  to  120  B.C.  in  Rhodes, 
where  the  mechanism  is  believed 
to  have  been  built,  or  one  of  his 
students  may  have  had  a  hand  in 
its  design. 

The  full  research  results  were 
announced  at  a  two-day  interna¬ 
tional  conference  in  Athens  last 
week,  and  published  online  by 
Nature. 

The  mechanism,  a  clockwork¬ 
like  collection  of  bronze  gears 
and  dials  inscribed  with  Greek 
text  and  numbers,  has  been  slow 
to  yield  its  secrets  since  being  re¬ 
covered  in  1901  from  an  ancient 
wreck  off  the  Greek  island  of 
Antikythera. 

But  critical  new  details  of  the 
gears  and  their  relationships, 
along  with  nearly  1,000  never- 
before-seen  Greek  characters, 
doubling  the  total  number  identi¬ 
fied,  were  revealed  by  means  of 
surface  imaging  software  recently 
developed  by  scientists  at  HP 
Laboratories  and  by  an  8-ton, 
high-resolution, 3-D  X-ray  machine 


McAfee  to  provide  total 
protection  for  corporations 


BY  ELLEN  MESSMER 

McAfee  this  week  plans  to  announce  the  second 
version  of  its  corporate  client  security  software, Total 
Protection,  a  combination  of  antivirus,  antispyware, 
host-based  intrusion-prevention  and  network  access- 
control  policy-enforcement  agent. 

Total  Protection  2.0  adds  a  feature  called 
SiteAdvisor  designed  to  warn  Web  users  that  certain 
Web  sites  present  dangers  by  forcing  unwanted 
applications  onto  the  desktop  or  other  perceived 
risks.  Total  Protection  2.0  also  adds  support  for 
Cisco’s  Network  Admission  Control  (NAC)  technol¬ 
ogy  for  restricting  network  access  if  virus  or  software 
patches  aren’t  up  to  date.  The  McAfee  Total 
Protection  agent  can  carry  out  remediation  for  NAC 
based  on  policies  controlled  via  McAfee’s  eFblicy 
Orchestrator  (ePO)  management  console. 

The  SiteAdvisor  feature  for  Web  surfing  rates  Web 
sites  in  traffic-light  colors  green,  yellow  and  red, “for 
sites  known  to  be  dangerous,”  says  Kevin  LeBlanc, 
McAfee  group  product  marketing  manager. 


The  Windows  XP  version  of  Total  Protection  2.0  will 
include  the  full  set  of  security  features.  However, 
McAfee  will  not  add  the  Cisco  NAC  support  for 
Microsoft’s  32-bit  and  64-bit  Vista  operating  system, 
which  became  available  last  week,  until  further  test¬ 
ing  is  completed. 

And  because  of  Microsoft’s  PatchGuard  feature  in 
64-bit  Vista,  which  restricts  unauthorized  access  to 
the  operating  system  kernel, Total  Protection  2.0  for 
that  platform  will  not  include  the  host-based  intru¬ 
sion  prevention. 

In  addition,  some  features  in  McAfee’s  antivirus 
scanning  will  not  be  included  until  Microsoft 
makes  available  a  set  of  APIs  expected  in  Vista 
Service  Pack  1 . 

“There  are  changes  because  of  64-bit  PatchGuard,” 
LeBlanc  says.  But  he  added  McAfee  believes 
Microsoft  is  “on  track”  with  providing  the  necessary 
APIs  to  the  security  industry 

Pricing  for  Total  Protection  2.0  starts  at  $93  per  seat 
based  on  100  users.B 


from  X-Tek  Systems, Tring,  England 
(www.nwdocfinder.com/6362). 

Those  details  confirm  some  pre¬ 
vious  insights  by  researcher 
Michael  Wright,  based  on  com¬ 
puter-aided  analysis,  with  the  late 
Allen  Bromley  of  the  University  of 
Sydney,  Australia,  of  700  digitized 
X-ray  plates  during  the  1990s. 

The  new  research  details  and 
conclusions  here  are  drawn 
from  the  Nature  stories,  including 
the  paper  by  the  Antikythera 
Mechanism  Research  Project 
investigators. 

Roughly  the  size  of  a  shoebox, 
the  front  of  the  mechanism  shows 
two  concentric  circular  scales,  the 
inner  one  showing  the  Greek 
zodiac  with  360  divisions.  The 
outer,  moveable  scale  is  the 
Egyptian  calendar,  with  12  30-day 
months  plus  five  days.  The  outer 
dial  could  be  moved  to  adjust  for 
leap  years.  Pointers  show  the  rela¬ 
tive  positions  of  the  sun  and 
moon,  based  on  the  Metonic 
cycle  of  235  lunar  months  (the 
interval  between  two  identical 
phases  of  the  moon,  such  as  from 
one  full  moon  to  the  next)  in  19 
solar  years,  Charette  says. 

A  device  showing  the  moon’s 
phase  was  probably  attached  to 
the  moon  pointer. 

On  the  back  of  the  device  are 
two  main  dials,  one  above  the 
other,  both  using  a  spiral  design 
(confirming  Wright’s  earlier  pro¬ 
posal),  whose  pointers  show  time 
based  on  two  other  astronomical 


cycles  identified  by  the  Babylon¬ 
ians.  The  upper  dial  shows  the 
Metonic  cycle  with  a  subsidiary 
dial  showing  the  more  accurate 
Callipic  lunar  cycle,  of  940  lunar 
months  in  76  years  (or  four 
Metonic  cycles  minus  one  day). 

The  second  dial  is  for  the  Saros 
eclipse  repetition  cycle,  which 
predicts  that  a  given  lunar  or  solar 
eclipse  will  be  repeated  223  lunar 
months  later  by  a  similar  eclipse. 

The  researchers  now  believe  the 
device  had  37  gear  wheels;  seven 
of  those  are  deduced  from  the 
now  more  visible  details  of  the 
surviving  wheels.  And  they  agree 
with  Wright’s  speculation  that 
some  of  the  missing  gears  were 
likely  used  to  simulate  the  move¬ 
ment  of  the  known  planets,  mak¬ 
ing  the  Antikythera  Mechanism 
one  of  the  earliest  and  most  com¬ 
plex  planetariums. 

The  Research  Project  intends  to 
create  an  online  database  for  con¬ 
tinuing  study  of  the  Antikythera 
Mechanism  and  of  the  world  and 
minds  that  created  it.  ■ 
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Blogging  from  Athens 

Andrew  Ramsey,  a  computed  tomography 
specialist  with  X-Tek,  blogged  about  the 
findings  as  a  member  of  the  team. 
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BACKSPIN 


Mark  Gibbs 


don’t  want  to  keep  beat¬ 
ing  up  on  Microsoft;  i 
really  don’t,  but  it  is  par¬ 
ticularly  hard  to  avoid 
doing  so  at  the  moment. 
The  company’s  ubiquity  means  that  one  can’t  help  but 
notice  the  sometimes  unpleasant,  occasionally  weird 
and  often  downright  sleazy  things  that  it  does. 

The  thing  that  caught  my  eye  this  week  was  the  follow¬ 
ing  line  in  the  End  User  License  Agreement  (EULA)  for 
Microsoft’s  Vista  Home  Basic  and  Vista  Home  Premium: 
“USE  WITH  VIRTUALIZATION  TECHNOLOGIES. You  may 
not  use  the  software  installed  on  the  licensed  device 
within  a  virtual  (or  otherwise  emulated)  hardware  sys¬ 
tem.”  (See  page  1 1  of  the  EULA  at  www.nwdocfinder 
.com/6369.) 

Several  commentators  have  concluded  that  what  the 
EULA  really  means  is  you  can’t  install  a  second  copy  of 
Vista  Home  Basic  or  Vista  Home  Premium  in  a  virtual 
machine,  but  1  submit  that  is  not  how  a  normal  con¬ 
sumer  would  interpret  the  EULA,  nor  is  that  the  way 
Microsoft  intends  it  to  be  interpreted.  Indeed,  page  1  of 
the  EULA  says:“You  may  install  one  copy  of  the  software 
on  the  licensed  device.You  may  use  the  software  on  up 
to  two  processors  on  that  device  at  one  time.”  That  clause 
covers  the  multiple-use  issue  and  confirms  the  intention 


Hell  yes  to  virtualization! 

i 


of  the  virtualization  prohibition. 

What  is  interesting  is  that  the  prohibition  on  virtualiza¬ 
tion  doesn’t  apply  to  the  Vista  Business  and  Vista 
Ultimate  versions,  so  what  could  be  the  logic  behind 
this?  According  to  an  interview  (see  www.nwdocfinder 
.com/6357)  of  a  Microsoft  spokesman  by  ZDNet  Asia/Vir¬ 
tualization  is  a  fairly  new  technology  and  one  that  we 
think  is  not  yet  mature  enough  for  broad  consumer 
adoption.” 

So  Microsoft  wants  to  “protect”  the  consumer?  That  sim¬ 
ply  makes  no  sense.  It  would  be  like  Microsoft  trying  to 
prevent  the  use  of  Vista  Home  Basic  or  Vista  Home 
Premium  to  access  the  Internet  because  Internet  tech¬ 
nology  is  not  yet  mature  enough. 

But  what  does  “mature  enough”  mean?  Was  Microsoft’s 
Bob  operating  system  mature  enough?  Was  Internet 
Explorer  6  mature  enough?  Was  Windows  95? 

Of  course  not!  But  Microsoft  was  willing  to  let  con¬ 
sumers  use  them  anyway.  In  fact,  it  can  be  argued  that 
no  operating  system  or  large  application  is  ever 
mature  enough,  because  all  of  them  have  bugs,  omis¬ 
sions  and  sundry  design  gotchas  that  can  confound 
even  the  most  technically  proficient,  let  alone  the 
average  consumer. 

Secondly,  to  prohibit  consumers  from  using  a  product 
in  a  manner  that  doesn’t  obviously  relate  to  the  prod¬ 


uct’s  core  value  is  ethically  indefensible. 

The  real  weirdness  clincher  is  making  the  prohibition 
legally  binding  through  the  EULA.  Microsoft  didn’t  just 
provide  advice  to  consumers;  the  company  made  it  so 
that  it  could  take  consumers  to  court  should  they  be 
caught  running  Basic  or  Premium  in  a  virtual  machine. 
That’s  the  way  to  build  a  loyal  consumer  base! 

If  Microsoft  keeps  this  clause  in  the  final  Vista  EULA,  1 
think  every  right-minded  consumer  should  consider 
this  as  an  issue  of  unfair  trade  practice  by  the  corpo¬ 
rate  equivalent  of  a  schoolyard  bully.  Consumers  should 
get  themselves  a  virtualization  system,  such  as  VMware 
or  Parallels,  and  run  it  with  Vista  Basic  or  Vista  Premium 
on  principle.  If  Microsoft  decides  to  take  legal  action,  I 
think  we’ll  all  ante  up  for  the  consumer’s  defense. 

Letting  Microsoft  get  away  with  this  nonsense  will  set  a 
precedent  that  will  come  back  to  bite  us  in  the  digital 
assets,  allowing,  as  it  will, software  vendors  and  ultimate¬ 
ly  hardware  vendors  to  dictate  how,  when  and  where  we 
can  use  their  products.The  first  hurdle  will  be  the  con¬ 
sumer  market,  and  the  professional  market  will  be  next. 
How  hard  do  you  want  your  job  and  your  life  to  be? 

Bottom  line:  Just  say  “Hell,  yes”  to  virtualization. 

Commercial  disobedience  plans  to  backspin 
@gibbs.com. 


ETBUZZ  News,  insights  and  oddities 

‘Gates  for  president’  bandwagon  picks  up 


Cartoonist  Scott  Adams  started  this  flapdoodle 
Paul  McNamara  with  a  Nov.  ^  post  on  The  Dilbert  Blog  that  suggest¬ 

ed  there  isn't  anything  wrong  with  this  country  that 
President  Bill  Gates  couldn't  cure  in  less  time  than  it  takes  to  get  a  new  operat¬ 
ing  system  out  the  door.  Hey,  everyone  enjoys  a  good  chuckle  .  . .  and  don't  you 
just  love  that  Dogbert? 

But  now  Adams  has  thrown  his  weight,  such  that  even  the  best  cartoonist  can 
muster,  behind  a  newly  launched  “Bill  Gates  for  President”  Web  site  —  www.billgates- 
forpresident.net  —  a  site  that  to  my  eyes  and  based  on  an  e-mail  exchange  with  one  of 
its  organizers  doesn't  appear  to  warrant  such  an  apparently  dead-serious  endorse¬ 
ment —  even  from  a  professional  funnyman. 

Easiest  part  first:There  is  no  more  chance  of  Bill  Gates  running  for —  never  mind 
becoming  —  president  than  there  is  that  the  newly  separated  Pamela  Anderson  will  go 
running  into  the  arms  of  Bill  Clinton.  (No,  wait,  the  chance  is  much  less  than  that.) 

Nevertheless,  the  Bill  Gates  for  president  Web  site  appears  reasonably  sophisticated, 
entirely  earnest  and  begs  us  all  to  take  the  idea  seriously. 

And  at  least  one  celebrity  has  obliged  them.  In  a  Dilbert  Blog  post  lastThursday 
titled  “Bill  Gates  for  President,"  Adams  writes:  “In  an  earlier  post  I  said  Bill  Gates 
would  make  an  excellent  president  because  he's  a  successful  businessman,  makes 
decisions  based  on  reason  instead  of  superstition,  and  has  a  track  record  of  trying  to 
help  the  poor  through  his  foundation.  Apparently  I  am  not  alone.There’s  a  new  Web  site 
dedicated  to  getting  him  elected:  www.BillGatesforPresident.net.” 

"I  was  amazed  at  the  reaction  when  I  first  mentioned  the  idea.  Most  of  the  comments 
were  one  of  these.  1. 1  would  vote  for  Bill  Gates.  2.  Bill  Gates  did  (some  evil  business 

thing) _ The  fascinating  thing  is  that  even  the  comments  about  his  evil-doings  are 

FAVORABLE  to  the  concept  of  Bill  Gates  for  president.” 

After  a  bit  of  explanation  and  poking  mild  fun  at  his  own  idea,  Adams  concludes: 

"Bill  Gates  for  president  —  you  could  say  you  have  a  better  idea,  but  you’d  be  lying. 


Are  there  any  pollsters  out  there  who  want  to  see  how  he  stacks  up  against  the  field?” 

Let’s  toss  Pam  Anderson  in  that  field  just  for  fun. 

The  grass-roots  brigade  over  at  Bill  Gates  for  President  could  only  have  been  more 
tickled  had  those  words  come  from  Gates  himself. 

"A  little  over  an  hour  ago  Scott  Adams  has  blown  a  whole  lot  of  extra  life  into 
our  ambitious  Web  site,"  they  write.  “Thanks,  Scott!  It’s  great  to  see  we’re  not 
alone,  and  we’re  sure  more  people  will  jump  on  the  bandwagon  in  the  next  few 
days  and  weeks.” 

Trouble  with  their  Web  site  —  one  trouble  —  is  that  you  can’t  really  tell  who’s  behind 
it.  And  if  you’ve  spent  any  time  at  all  trying  to  separate  the  serious  from  the  posers  on 
the  'Net,  you  know  that  a  lack  of  contact  info  just  about  screams  run  away.They  did 
have  a  Web  form  to  submit  questions,  though,  so  I  sent  this  one: 

“Who  are  you?  I  ask  not  to  be  glib,  but  because  you're  asking  to  be  taken  seriously, 
yet  you  offer  no  serious  contact  information  on  the  site.This  leads  me  to  guess  that 
you  are  in  no  way  serious,  but  are  on  a  lark  of  some  kind.  Please  let  me  know.” 

Surprisingly,  I  received  a  reply  within  minutes: 

“Hi  Paul:  You  make  a  very  good  point  here,  and  I’ll  have  to  consider  putting  up  a  list  of 
people  who  are  currently  involved  with  the  Web  site.  I  agree  on  the  fact  that  content  is 
as  trustworthy  as  its  source,  so  I  see  where  you’re  coming  from  very  well.  I  will  only 
consider  identifying  ourselves  publicly  if  we  can  do  it  as  a  collective.” 

“As  soon  as  I've  had  the  chance  to  talk  to  some  more  people  behind  this  project  I  will 
get  back  to  you  (I  wish  I  could  give  you  a  time  frame,  but  things  have  been  pretty  hectic 
since  Scott’s  blog  post).  Please  don’t  blow  us  off  for  being  attention-seekers,  though. 
We  are  here  to  provoke  thought,  not  to  rant." 

The  reply  was  signed,  "Kind  regards,  Bert.” 

Guess  Ernie  was  busy  polishing  Bill’s  first  State  of  the  Union  Address. 

Nominate  your  own  billionaire.  The  address  is  buzz@nww.com. 


NetVanta  7100 
Integrated  IP  PBX,  Voicemail, 
Auto  Attendant,  Router,  24-port 
PoE  Switch,  VPN,  Firewall 

ADTRAN  offers  a  broad 
range  of  IP  phones  to 
meet  your  business 
/  communication  needs 


The  ADTRAN  NetVanta®  7100  is  the  newest  addition  to  our  field- 
proven  suite  of  NetVanta  switches,  routers  andVPN/Firewall  solutions, 

This  new  IP  PBX  with  integrated  switch-router — an  Office  in  a  Box— 
provides  a  complete  solution  for  growing  small  and  medium. 

■  businesses.  Your  office  communications  can  be  up  and  running 

quickly  and  smoothly  with  this  converged  IP  platform. 


A  NetVanta  7100 

A  phone  system  and 
data  network, 

all  in  a  single  device 


Imagine  a  comprehensive  telephony  and  data  networking 
solution  that  consolidates  voice,  data,  Internet  and  security 
all  in  a  single  device. 


High  costs  for  communications  are  now  a  thing  of  the  past. 

With  ADTRAN,  you  can  easily  lower  your  total  cost  of  ownership.  Every 
NetVanta  includes  ADTRAN’s  100%  satisfaction  guarantee,  backed  -  • 
by  industry-leading  technical  support  (before  and  after  the  sale),  ? 
free  firmware  upgrades,  and  a  full  5-year  warranty. 


www.adtran.com/ipt 

1.800  9ADTRAN 

(923-8726) 
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ENTERPRISE  STORAGE  FOR  ALL  BUSINESS  APPS. 

INSTANT  DATA  RECOVERY. 

RAPID  SMILE  DEPLOYMENT. 


PICK  ANY  THREE. 
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FOR  EVERYTHING  with  netapp. 
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£hgjfieer  pr.CEO.  we.  don’t  compromise  on  your  data  center  storage  solution,  so  you  don’t  have  to  either.  That’s  why  we  have 
enterprise  deployments  and  counting.  With  NetApp,  backups  don’t  affect  system  performance  or  capacity,  so 

Ih^nn  rnoreoften  to  better  protect  your  data.  And  instant  recovery  from  application  failures  allows  you  to  meet  NOtAnQ 

'  ir.'.rnpst  stringent  SLAs;  Add  to  that  the  lowest  TCO  in  the  industry,  and  it’s  no  wonder  that  we’re  trusted  by  the  world's 
.,s|l^d:^bGfTipaioi6s.  It’s  what  we  live  for.  We’ll  smile  when  you  have  the  right  storage  solution  for  your  enterprise  applications.  Simplifying  Data  Management 
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the. uncontrollable  grin  at  vvww.:netapp.corh/bizapps 
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